Ed Reed wrote:
Getting PKI baked into the every day representations people routinely manage seems desirable and necessary to me. The pricing model that has precluded that in the past (you need a separate PKi certificate for each INSURANCE policy?) is finally melting away. We may be ready to watch the maturation of the industry.
In your long and interesting email you outlined some issues with the tool known as PKI. What I'm curious about is why, given these issues and maybe 100 more documented elsewhere **, you propose that: "Getting PKI baked into the every day representations people routinely manage seems desirable and necessary to me." We have this tool. It has many and huge issues. What I don't understand is why the desire is so strong to put this tool into play, when it has singularly failed to prove itself? Where does the bottom-up drive come from? Why is it that what "people do routinely" isn't driven top-down, so that the tools they need are application driven, but is instead subjugated to the tools-first approach, even against such negative experience and theory? iang ** some here: http://iang.org/ssl/pki_considered_harmful.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]