Well you listened and then made sure you did the opposite. So I decided that engagement was counterproductive.
One of the things I have learned in the crypto world is that getting people to use crypto is very very hard. In fact we are both using email right now, we both know plenty of ways to use signatures and encryption but neither of us is doing that. Creating an ecosystem in which people use crypto is much much harder than making the out of pocket cost zero. PGP had that 25 years ago and look where use of GPG is today. On Mon, Oct 22, 2012 at 10:52 AM, Paul Wouters <[email protected]> wrote: > On Mon, 22 Oct 2012, Phillip Hallam-Baker wrote: > > One consequence of that positioning was that they could not accept any >> advice from >> any of the people who work with CAs as they imagined all such advice was >> designed >> to sabotage their efforts. Which meant that they began by cutting >> themselves off >> from all advice from people with practical experience of what they were >> attempting >> to do. >> > > We listened Phillip. In fact, we bend over backwards for the PKIX people, > and you got various Usage types specifically to support the CA model. The > fact that this model has diminishing returns is something you can behind > bring up at CABforum's reconfirmed closed doors. > > > The big problem with DANE is that it relies on people putting correct >> information >> into the DNS and keeping it correct >> > > Luckilly, people already need to do that and have years of experience of > putting the right data in DNS. > > > even when it is going to have (initially) >> marginal impact on functionality. Information in DANE could be useful for >> some >> parties to use to curate certificate data in combination with other data >> but it >> isn't viable for client enforcement in an end to end model. >> > > Now who's levelling downtown Niagra? > > > Any plan that relies on the typical Webmaster doing anything different is >> unlikely >> to succeed. >> > > The webmaster just needs to stick to the same "CA", whether a private > one, or one from CABforum. I fail to see the rocket science here, though > there is clearly the appearance of a smoke screen here. > > Paul > -- Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
