browser vendors and CAs agreeing on high-assurance certificates
David Mercer
radix42 at gmail.com
Fri Dec 23 13:06:12 EST 2005
On 12/23/05, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> PKI in browsers has had 10
> years to start working and has failed completely, how many more years are we
> going to keep diligently polishing away before we start looking at alternative
> approaches?
There have been several long threads over on the cap-talk list the
last few weeks about what to call (still not fully baked) web
capability pointers such as WideWords and httpsy urls.
The point in those discussions that I think is most relevant to this
thread is the fact that there was only a very minor side discussion
about the fact that all of these techniques for granting more fine
grained permissions on the Web that are in the R&D stage use SSL/TLS,
but not PKI, and would very often toss up a certificate warning if you
didn't pay the "cert tax". The point was made that users have been so
conditioned to ignore them or click on Ok in general, that that itself
was not the biggest barrier to their (potential) future wide
deployment, at least not in relation to other UI issues for their use.
-David Mercer
Tucson, AZ
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list