On 28/07/2010 13:18, Peter Gutmann wrote: > Ben Laurie <b...@links.org> writes: > >> I find your response strange. You ask how we might fix the problems, then >> you >> respond that since the world doesn't work that way right now, the fixes >> won't >> work. Is this just an exercise in one-upmanship? You know more ways the >> world >> is broken than I do? > > It's not just that the world doesn't work that way now, it's quite likely > that > it'll never work that way (for the case of PKI/revocations mentioned in the > message, not the original SNI). We've been waiting for between 20 and 30 > years (depending on what you define as the start date) for PKI to start > working, and your reponse seems to indicate that we should wait even harder. > If I look at the mechanisms we've got now, I can identify that commercial PKI > isn't helping, and revocations aren't helping, and work around that. I'm > after effective practical solutions, not just "a solution exists, QED" > solutions.
The core problem appears to be a lack of will to fix the problems, not a lack of feasible technical solutions. I don't know why it should help that we find different solutions for the world to ignore? -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com