[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Too many options

To: jehorton@xxxxxxxxx
Subject: Re: Too many options
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 5 Sep 1997 16:22:46 -0400
Cc: "ietf-pkix@xxxxxxxxxx" <ietf-pkix@xxxxxxxxxx>
In-reply-to: <>
References: <>

John,

>IMHO the difference between these 2 scenarios can be explained in one
>word - TRUST.  Not that these 2 systems can't be trusted, but the
>perception of trust by the those that must buy into a system - the end
>users and owners of these types of systems.  Any system that is to be
>used widely and effectively must be able to be trusted beyond a shadow
>of a doubt by everyone.
>
>Scenario A provides Alice an opportunity to actively participate,
>therefore allowing buy-in and building the trust factor.
>
>Scenario B removes Bob from any involvement, thereby creating doubt and
>the possibility of misperceptions about the trustworthiness and
>integrity of the system.

The context Al described involves an employer and employee relationship,
not a client and a public CA.  The employer in the example is the only CA
that will certify this individual as an employee.  The token is probably
owned by the employer, not the employee.  This is analogous to employee ID
badges.  When my company changed from analog photos to digital ones and
reissued the badges, the employees didn't have a say in the matter.  This
example is not a free market one inn which the employee gets to choose the
CA.  While your comments are appropriate in some contexts, they do not
apply in all CA examples, including the specific one Al described.

Steve

References:
- RE: Too many options
  - From: Arsenault, Al W.
- Re: Too many options
  - From: John Horton

Prev by Date: Re: Too many options
Next by Date: Key Usage Extension Encoding
Previous by thread: Re: Too many options
Next by thread: Re: RE: Too many options
Index(es):
- Date
- Thread