Sunday, March 21, 2004

Digital certificates - still harder than the hardest thing you know

Nice piece from Jon Udell who thinks that he may have installed more certs on more browsers on more platforms than anyone in history (which is some confession given how generally difficult that is). Someone's written to him pitching a product which is not unusual and they claim it works, which is also not unusual - the pitcher says do you suppose free email certificates wouldn't be free today if people actually wanted them? They are free because nobody will pay for them, and even at the cost of nada, few actually do. I think this points out that people as a whole just can't work with PKI's complexity, portability and constant renewal hassles. And Jon's killer punch is PKI is only a first draft of the solution. It's possible that we'll need to rip it up and start over. It's also possible, though, that we can refine and improve it. But not if current implementations don't evolve in response to use. 30 years to get to the trough of discontent and still noone uses them ... global mutual trust without pain? hmmm ... rip and refine or, more likely, rip, rethink, replace and redo (from scratch)

No comments:

Post a Comment