[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Does the problem need solving?
Even though we have gone well over a decade without an
interoperable solution, I think we got here mostly through applied
denial and kludges. One result of that has been that organizational
users of PKI are stuck with having to live with the trust decisions
made by their OS vendors, their applications vendors, or both.
Another is that people have been trained to click through the "this
cert is not signed by a trusted root" dialog because it is too hard
for an enterprise to push their desired trust anchors to their
I would argue in favor that the problem needs solving. I hope that
there is also a critical mass of people who care enough about the
future of the PKI user experience to do the work.
Can we get a clear statement of what the problem is?
I think I can infer it -- that browsers and other software that have
to supply some set of roots do so ad hoc. There's no unified
mechanism to specify what the collected set of roots is.
Is that the problem? Am I even close? I think having a clear problem
statement should be a prerequisite to having a BOF, myself. Without
this, we're guaranteed that the outcome will not have focus.
I have a lot of other questions, but they presuppose I understand the
problem statement, and I don't know that I do.
PGP Corporation Tel: +1 (650) 319-9016
3460 West Bayshore Fax: +1 (650) 319-9001
Palo Alto, CA 94303 PGP: ed15 5bdf cd41 adfc 00f3
USA 28b6 52bf 5a46 bc98 e63d