On 23/7/09 11:13, Eddy Nigg wrote:
On 07/22/2009 06:33 PM, Ian G:
3. You'll still get massive resistance. That's because all of the
mozilla security code, security developers, most of the committees,
and the companies that pay for the developers, the CAs, etc etc are
all invested heavily in PKI. They've got othing invested in OpenPGP.
They've got every dime invested in selling certificates and selling
certificate oriented solutions.
What you are offering will rip the guts out of that business model, so
you won't get any support. In fact you'll be opposed, every step of
the way. Nobody wants to lose their jobs, and you're trying to take
their jobs away from them.
That's the most stupid answer I ever heard from you! There are scores of
CAs which issue S/MIME certificates for free - no cost! They don't earn
a dime and every verification a CA performs could be also done for PGP
keys. It has NOTHING to do with selling and business models.
Well, Eddy, I'm sorry that you feel things that you don't understand are
stupid. This is as common as the common cold, there ain't no cure for it.
Just to clarify: all business models include some form of give-away,
for free, no cost! The notion that CAs give away S/MIME certificates
for free - no cost! - is proof that CAs may be engaged in business, and
may have a business model.
The problem
with PGP is far bigger IMO. In the end, the client software would still
have to find a path to a trusted CA for PGP keys - something which
doesn't quite exist.
Oppose! You know OpenPGP is bad for you :)
Your opposition is based on a theory that is entirely ludicrous given
the trillions of emails of evidence and the millenia of tradition in how
people deal with real relationships.
No matter. Another decade won't matter.
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
