> No. There is no consensus. There are opposing camps. One camp > believes that the solution is to drop all self-signed certs. Another > camp believes that Key Continuity Management is the answer. Yet a third > camp believes that user training has to be done, and the UI needs a > little tweaking, is all. A fourth camp has written off SSL / secure > browsing as irrepairably flawed. A fifth camp believes that only > protocol bugs and the number of bits is security, the rest is outside > purview. A sixth camp believes this is not a technical issue at all, > and will be solved by the lawyers. If we look over the hill, we'll see > other camps, hear much muttering, and in the end, we all return to our > cups and mutter on...
How about a consensus that there is no consensus? [camp A] NO! [camp B] NEVER! Thanks for the nuanced answers Ian G and the rest, I've enjoyed this chat. I'm not sure exactly what I had hoped to contribute, but I've certainly educated myself. > You want a cup of wine with your muttering? :) 1994 Urbina Gran Reserva Rioja if you please. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
