Hi Everyone, we need to modify some language on the Apache Proposal that is causing a lot of concern amongst a few potential community members. I just heard of this tonight but want to make sure we nip this in the bud.
The proposal says: Lastly, the Internet as a whole is suffering from an erosion of trust following incidents with commercial certificate authorities industry, i.e., compromised root keys, and failures in due diligence issuing real domain certificates. Indeed, mass surveillance, a lack of easy end-user encryption, *a growing demand for key escrow under legal oversight*, and general certificate authority security concerns create the question: How appropriate is the continued dependency on PKI when the goal is to advance the benefits of cloud computing across the technology landscape? The offending phrase is underline above: "a growing demand for key escrow under legal oversight" The intention behind this wording was to bunch these worrying developments together (starting with mass surveillance), but some folks are mis-interpreting this to mean we are advocating increased surveillance and less privacy. I don't know how this gets interpreted like that, either. We need to take quick action to remove this phrase so there is no confusion. Sterling, Nick, how do we do that. Do we schedule a vote? Thanks for your assistance. Cheers, Brian
