One of the important features of LetsEncrypt that we must not lose sight of is the ease of use goal.
99% of the pain involved in PKI today is unnecessary. I timed myself installing S/MIME certs in various email clients and it took between fifteen and thirty minutes. And I know what I am doing (unlike the typical user). Easy to follow instructions invariably turn out not to be for a large number of reasons. Not least the instructions are usually out of date. So while they might be simple they are also WRONG. Lab testing is useful but it can also be a cop out. The behavior of a paid test subject in a fifteen minute test rarely reflects that of a real user's daily use. It is very informative for sales though. I have been working on fixing this for S/MIME and I have written a program that will configure Windows Live Mail to use S/MIME with no user input at all. This is very similar to the planned user experience for Lets Encrypt but it would be good if we could get the objectives down and generalize them. 1) User interaction is only permitted for the purposes of 1a) Obtaining information that only the user can provide 1b) Providing information to the user 2) All information necessary for the user to make a decision will be made available. 3) Adding security should require no additional user effort. The first one is the key. The user should never have needed to do anything more than say what their CA is and provide any necessary validation data.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
