At 3:32 PM -0400 6/13/02, Harald Koch wrote:
Of all the gin joints in all the towns in all the world, Stephen Kent
had to walk into mine and say:
Why does everyone keep thinking that explicit trust is an essential
element of every PKI?
If the reasonably intelligent, technically skilled persons in the IETF
can't "get it", what makes you think anyone else will?
The technical skill of most of the individuals in this debate is not
in the area of security. Also, there has been a very big PR campaign
for many years that was designed to cause people to equate explicit
trust and PKIs, because those who funded the campaign were public CAs
requiring such trust. That campaign has been effective in creating a
perception among many folks, technical or not, intelligent or
otherwise, and it is this perception that clouds this discussion, in
large part. But, on any case, it is not necessary for everyone to
"get it" for everyone to "use it."
Steve