On 2014-04-27, at 9:43 AM, ianG <[email protected]> wrote:

> On 25/04/2014 16:36 pm, Jeffrey Goldberg wrote:
>> I hated X.509 when it was first being introduced, and much preferred PGP’s
>> “Web of Trust”. I still hate X.509 for all of the usual reasons, but I now
>> have much more sympathy for the design choices. It fails at its goal of not
>> demanding unrealistic from ordinary users, but at least it tries to
>> do so.
>
> There is a slight problem with goals here. PKI was never designed for
> ordinary users.

We happen to live on a planet where most users are ordinary users.

> If you read the original documentation of how PKI was
> organised before the web-PKI was invented, it talks about how each
> relying party has to enter into a contract and verify that the CPS
> provides the answer they are looking for.

Interesting point. Some of that history is now coming back to me.

> When they did the web-PKI however they threw away all of the reliance
> contract requirements, or buried them, but kept the language of trust.
> As you point out, they had to do this because ordinary users won't go
> through the process of CPS and contract review.

And so other than the terminology I used, I think that my point still stands:
“Web-PKI” is terrible for all of the familiar reasons, but at least it tries
to provide something that just might work for ordinary users.

Cheers,

-j

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
