On 11/10/2011 09:36 AM, Daniel Kahn Gillmor wrote:
> On 11/10/2011 12:14 PM, Phillip Hallam-Baker wrote:
>> For all the faults you see in the SSL/CA system the fact is that it is the
>> only application of public key cryptography that has been successful on the
>> Internet. Actual use of S/MIME, PGP and IPSEC remains negligible.
>
> The widespread deployment of X.509/CA infrastructure is *precisely* the
> reason that it's important to make sure that problems are identified,
> acknowledged, and fixed. It's not a magic wand to make the problems
> disappear.
>

I'd like to point out Ian Goldberg's fantastic work on a crypto system
that actually works in the wild:

http://www.cypherpunks.ca/otr/otr-wpes.pdf

It's not perfect but it works and it works automatically. I find that
it's more common to OTR with someone than for them to have used SSL to
connect to their chat service. Their chat service generally is not
accessed in a web browser, I might add.

All the best,
Jacob
