Nick Lamb <[email protected]> writes:

>In the examples I've reviewed the decision seems to have been made (either
>explicitly or tacitly) to leave the really difficult problem - specifically
>achieving confidence in the identity of the subject - completely unaddressed.

There wasn't any decision to leave it unaddressed, no-one had ever expressed
any interest in this at any point during the work on the previous protocols,
so there's nothing about it in any of the specs.  If anyone did care about it,
it shouldn't be too hard to add support for it to any of the existing
protocols.

>So the answer to your question is that ACME's selling point is that it solves
>the problem lots of people actually have

Well, it solves a problem that no previous protocol, or potential user of the
protocol, had even acknowledged as a problem before.  Whether that's (a) worth
creating an entirely new protocol rather than just adding support for it to an
existing, long-established one and (b) will make said new protocol a success
when every other attempt to do this has failed, is another matter.

>I presume the "blows up in your face" comment was purely because of ACME's
>hilarious choice of name, 

You guys really need to do some work on that one :-).

Peter.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
