On 07/22/2009 06:33 PM, Ian G:
3. You'll still get massive resistance. That's because all of the
mozilla security code, security developers, most of the committees,
and the companies that pay for the developers, the CAs, etc etc are
all invested heavily in PKI. They've got othing invested in OpenPGP.
They've got every dime invested in selling certificates and selling
certificate oriented solutions.
What you are offering will rip the guts out of that business model, so
you won't get any support. In fact you'll be opposed, every step of
the way. Nobody wants to lose their jobs, and you're trying to take
their jobs away from them.
That's the most stupid answer I ever heard from you! There are scores of
CAs which issue S/MIME certificates for free - no cost! They don't earn
a dime and every verification a CA performs could be also done for PGP
keys. It has NOTHING to do with selling and business models. The problem
with PGP is far bigger IMO. In the end, the client software would still
have to find a path to a trusted CA for PGP keys - something which
doesn't quite exist.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
