[118625] in Cypherpunks
Re: Radicchio PKI standards group for mobile phones
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Oct 4 11:42:09 1999
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cypherpunks@toad.com
Cc: dmiller@ilogic.com.au
X-Charge-To: pgut001
Date: Tue, 5 Oct 1999 04:07:40 (NZDT)
Message-ID: <93904966011319@cs26.cs.auckland.ac.nz>
Reply-To: pgut001@cs.auckland.ac.nz (Peter Gutmann)

Damien Miller <dmiller@ilogic.com.au> writes:

>On Thu, 30 Sep 1999, John Gilmore wrote:
>>Well, except the part about the Certifying Authority "generating key
>>pairs" and then handing over the supposedly-private key to the individual
>>along with the signed public key.
>
>Australia Post's failed KeyPOST CA did this too.

When did they fail? Their web page is still up, are they just plodding along
like the traditional government bureaucracy project, or have they been
declared officially dead?

>I suspect part of the reason for their failure was avoidance by clued-in
>users.

I think it was more a "solution in search of a problem" issue - once you've
paid your annual tithe to Verisign or Thawte for a "make the warning dialogs
on the user's browser go away" server cert, what further use is a CA to the
average person? I know what the theoretical use is, but what real, practical
use does it currently have which is sufficient that users will pay for it?

Peter (who only last week talked to someone from an organisation similar to
Australia Post which wanted to set up a CA. They had no idea what they
were going to do with it[0], but apparently it's fashionable to run a
CA if you're a large organisation. Maybe it's some variation of the
Dilbert "If I wear my hair in a ponytail I become cool" principle).

[0] I mean they had literally no idea what use their CA was going to be, every
time I asked I got diverted into visions of smart cards and S/MIME and
authentication and $buzzword1 $buzzword2 $buzzword3.