[cryptography] After the dust settles -- what happens next? (v. Long)

Paul Hoffman paul.hoffman at vpnc.org
Sun Sep 11 20:26:18 EDT 2011

On Sep 11, 2011, at 4:50 PM, Ian G wrote:

> So, what happens now?  As we all observe, there are two approaches to dealing with the collapse of faith of the PKI system: incremental fixes, and complete rewrite.

We don't "all" observe that. Some of us observe a third, more likely approach: nothing significant happens due to this event. The "collapse of faith" is only among the security folks whose faith was never there in the first place. A week after the event, who was talking about it other than folks on these lists and lists like them?

This is not to say that nothing should happen: it should, but it should have happened long ago. The fact that it didn't, and continues not to, should be significant to those predicting what will happen "next". Personally, I'm hoping that the DANE work finishes and gets widely deployed, but I would not bet that it will. Even if it does, I would be absolutely shocked if 90% of major web sites ten years from now were *not* using CA-issued certs for TLS.

--Paul Hoffman

More information about the cryptography mailing list