A mighty fortress is our PKI, Part II

Nicolas Williams Nicolas.Williams at oracle.com
Wed Jul 28 13:38:10 EDT 2010


On Wed, Jul 28, 2010 at 01:25:21PM -0400, Perry E. Metzger wrote:
> My mother relies on many certificates. Can she make a decision on
> whether or not her browser uses OCSP for all its transactions?
> 
> I mention this only because your language here is quite sticky.
> Saying it is "up to the relying parties" is incorrect. It is really
> up to a host of people who are nowhere near the relying parties. In
> most cases, the relying parties aren't even capable of understanding
> the issue.

Precise and concise language in a fast-moving thread with participants
with diverse backgrounds is going to be hard to come by.  Better to quit
than hold out for that (unless you enjoy being disappointed).  I'm
hardly the only "sinner" here on that score.

"up to the relying parties" means "up to the browsers", where users-as-
relying-parties are concerned.  That also means "getting software
updated", which to some degree means "getting my mom to do stuff she
doesn't and shouldn't have to know how".  It shouldn't mean "getting my
mom to enable OCSP" -- that would be hopeless.

"up to the relying parties" means "up to the server" as well, since
servers too are relying-parties.

Again, if everything is too hard, why do we bother even talking about
any of this?  ETOOHARD cannot usefully be a retort to every suggestion.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


