On Wed, Jul 28, 2010 at 01:25:21PM -0400, Perry E. Metzger wrote: > My mother relies on many certificates. Can she make a decision on > whether or not her browser uses OCSP for all its transactions? > > I mention this only because your language here is quite sticky. > Saying it is "up to the relying parties" is incorrect. It is really > up to a host of people who are nowhere near the relying parties. In > most cases, the relying parties aren't even capable of understanding > the issue.
Precise and concise language in a fast moving thread with participants with diverse backgrounds is going to be hard to come by. Better to quit than hold out for that (unless you enjoy being disappointed). I'm hardly the only "sinner" here on that score. "up to the relying parties" means "up to the browsers", where users-as- relying-parties are concerned. That also means "getting software updated", which to some degree means "getting my mom to do stuff she doesn't and shouldn't have to know how". It shouldn't mean "getting my mom to enable OCSP" -- that would be hopeless. "up to the relying parties" means "up to the server" as well, since servers too are relying-parties. Again, if everything is too hard, why do we bother even talking about any of this? ETOOHARD cannot usefully be a retort to every suggestion. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com