Re: Does the problem need solving?

On Tue, 19 Jun 2007, Paul Hoffman wrote:
> Even though we have gone well over a decade without an interoperable solution, I think we got here mostly through applied denial and kludges. One result of that has been that organizational users of PKI are stuck with having to live with the trust decisions made by their OS vendors, their applications vendors, or both. Another is that people have been trained to click through the "this cert is not signed by a trusted root" dialog because it is too hard for an enterprise to push their desired trust anchors to their employees.

Given that most users already click through the "THIS IS UNSAFE" popup
boxes from their myriad applications, do we actually believe that this
work will have any effect at all on the trained end-user?

I'm certainly willing to believe that this may make the administrator's
job different - but I'm having a hard time stretching to the belief that
the end-user is going to change (or possibly even notice) whether their trust decisions involve one TA, many TAs, valid TAs, invalid TAs.

