
Re: pgp signing in van

2013-09-09 16:20:35


On Mon, 9 Sep 2013, Ted Lemon wrote:

> It might be worth thinking about why ssh and ssl work so well, and PGP/GPG
> don't.

Umm, I question a conclusion that either ssh or ssl work well. ssh works 
reasonably well around me because I can help everyone get the details
aligned. Even knowing all the rules, I frequently spend time fixing 
permission issues. Furthermore, the kinds of connectivity generally
supported are those used by techies.

ssl works so well that I've never worked in an environment with client
certificates. (That was sarcasm, more to follow.) It works so well for me 
that it took 3 tries to get a certificate and install it for MS Exchange
OWA. I had a server cluster to move to a new data center. Two certificates
for two sites. My experience to that point was I had to enter a pass
phrase to get the web server to start. Turns out one certificate had
a pass phrase and one didn't, so when porting the first site didn't
result in a passphrase prompt, I concluded that I didn't have ssl
working OR that somehow the passphrase prompt wasn't enabled. I spent
hours and hours and didn't figure it out until I ported the second site.

I think there is a common problem for all the variations of encryption.
The tools and human interfaces are seriously lacking features needed
to make use smooth.

Code signing is another sore spot for me ... the hoops I have to
jump through to update the certificate are amazing. Confounded
last year by expiration of the root certificate.

Dave Morris