what is killing PKI?

Melvin Carvalho melvincarvalho at gmail.com
Sat Aug 25 13:37:27 CEST 2012

On 24 August 2012 22:06, Robert J. Hansen <rjh at sixdemonbag.org> wrote:

> On 08/24/2012 08:24 AM, peter.segment at wronghead.com wrote:
> > I propose to you (and to the people who are putting all that hard
> > work into gpg) that there are actually two "things killing PKI":
> At risk of sounding dismissive, I really don't care what your pet theory
> is until such time as you get out into the field, do a formal usability
> study, write up the results and get them accepted to a peer-reviewed
> journal.  Once you do that, I will be happy to read your paper, give it
> due weight, and refer other people to it.
> Until then, the definitive work is "Secrecy, Flagging and Paranoia:
> Adoption Criteria in Encrypted Email," by Gaw, Felten and ... one other
> author, blanking on it right now.
> Everyone on this mailing list has their own pet theory for why PKI
> adoption is so lousy.  All of us are probably wrong.  However,
> published, peer-reviewed studies of PKI adoption and the forces driving
> and inhibiting them are probably less wrong.

I think everyone on this list would love to see more pervasive PKI
adoption.  Peer reviewed literature certainly provides a high quality
basis, in not only describing a problem, but offering well thought through
viable approaches.  Although not academic, I've read through many papers,
I've been very grateful for the research produced and made available time
and again to advance knowledge in technical areas.  I've started looking
trough the pointers on this thread, thanks for the links.

However, I would point out that this is not the only approach, when it
comes to adoption.  For example, the WorldWideWeb paper written hypertext
conference, that had the first working web server, web browser, most of
HTTP ahd HTML described, was peer reviewed and dismissed after submission.

I do think there are advantages to trying to think outside the box
sometimes, especially when it comes to things like The Web and Web
Integration.  I'd love to see for example, a browsable web of trust, or a
PKI experience that you could use simply from a browser, that even a
beginner would find intuitive.

I dont work day in, day out with GPG, but I do take an interest, but one
thing the web has proved time and again (perhaps like no other technology
to date) is the ability to deliver to a mass audience.  It's not the only
approach, but perhaps looking at a big picture can help deliver GPG to a
wider audience.

> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120825/d3a49de4/attachment-0001.htm>

More information about the Gnupg-users mailing list