Industry standards bodies are bad, when they shut out input the people
who they're supposed to be benefitting. (Who are, really, the
ultimate stakeholders.)
A perfect example (outside of the current debate) is the Bluetooth
consortium. I, as an individual developer and researcher, can't get
access to the protocol specifications since they restrict those to the
membership, and the membership to accredited organizations (which
appears to be schools for research and corporations for development).
I realize that it sounds like a "wah, why not me?" argument, but part
of the reason the Internet actually works is because the standards are
freely available to the public. Without the IETF and the IETF
meetings, would we be able to have this conversation?
In this case, the CAs and browsers are colluding to make things easier
for themselves... without looking at what's happening in the real
world. The CA/B forum is closed to people who want to have a dialogue
with the browser vendors about concepts of CAs that don't involve
WebTrust/ETSI requirements simply because they don't have any reason
to provide financial levels of identity -- and so, the browser vendors
are given the impression that *only* WebTrust/ETSI matters.
This leads to situations like we currently have, where the barrier of
"security roadblocks" is so high that nobody can educate their users
what they're doing when they're clicking various buttons in the UI.
("legitimate sites will never ask you to add an exception" my ass.)
-Kyle H
On Thu, Jan 1, 2009 at 1:34 PM, Gervase Markham <g...@mozilla.org> wrote:
>
> But, having commented on those errors of fact, I can't quite see what
> you are saying apart from "industry standards bodies are bad". Is that it?
>
> Gerv
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
