Dave Cridland <[EMAIL PROTECTED]> wrote: > In fact, I think certificates are actually the best approach, > because they're better understood, the IPR impact is clearer, they > provide a wide range of options for initial and subsequent > authentication, and both users and developers are more exposed to > them, hence more likely to accept and trust them. I think we have a > solid base there from leap-of-faith to fingerprinting to work with.
I disagree. For the average user, they are the worst possible scenario. They are scared by a long fingerprint or having to create a certificate etc. Very scared! And it's not user friendly to have the user waiting until a key is generated… -- Jonathan
signature.asc
Description: PGP signature
