Where is this invisible market?? I don't consider newsgroups & mailing
lists a widespread market and IETF pgp signing sessions are hardly the
way I expect to see internet commerce to evolve. In my user
community (a company), I have a harder time selling PGP than I do with
PEM.
Where are any businesses on the Internet? Where is this so-called
PEM-using market? If I had two products and I prefered one over the
other, it would be very easy for me to sell that one over the other.
Have you ever had a PGP-enthusiast stand next to you in front of the
people to whom you "have a harder time selling PGP" and debate the
issues?
Show me a company that wants to do business on the Internet, even one
that you say will buy into PEM, and I can set them up to use PGP as
the client authentication system within a week, probably sooner!
(This is assuming that they have all the hardware/software
infrastructure to run PGP and maintain client records already in
place. E.g., they already have computers installed).
I can do this *today*. In fact, I can even describe how I'd do it,
too! No CA's are required. Clients can maintain some level on
anonymity (although they do at some point need to provide a credit
card, but only once, to the company) and the company can verify the
orders.
PGP has a much wider distribution than PEM. I see PGP messages
(signed and/or encrypted) every day. I rarely, maybe once every 2
weeks, see a PEM-encoded message. Just look at OSI, the "approved
networking standard" -- See how many OSI implementation exist, and how
many are actually in deployment? Now compare that to TCP/IP. I'm
sorry, but installation base is a big factor in marketeering.
Go try to market a 175V, 50Hz appliance in the US and see how much
response you get from consumers. ;-)
-derek
Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord(_at_)MIT(_dot_)EDU PP-ASEL N1NWH PGP key available