5th Annual PKI R&D Workshop #1

Keynote is Angela Sasse, she is giving a lit survey of the field so far. Interesting anecdote I had not heard: A bank changed the signage on their ATMs to reflect a their new clour scheme after a merger. This led to a series of complaints from customers who had scratched their PIN onto the old acrylic.

The list of things that the user is expected to learn to use SSL has 19 entries. The list of administrator issues has only 13... It is easy to see who buys certificates. Lots of Glasbergen cartoons, I could post one here but there are many more on his site.

Now we are onto questions. Starting question included an assertion that cars have not got easier to use until very recently. So I had to point out that we no longer spend time adjusting the carb during a drive. Bill Burr is trying to argue that a large part of the problem is that people are just not used to computers, the problem will go away in time. Angela disagrees. I think Bill is right to the extent that people will develop parts of the vocabulary over time, but that is not an excuse for not making it simple.

Now David Chadwick on the fact that X.509 and RFC 3280 have different semantics for name constraints. I think that this is really a consequence of the static trust semantics of X.509. If you want to manage trust on a large scale and make fine grained decisions you are going to need quite a bit of flexibility. X.509 gives only a limited pattern matching capability. Inevitably the semantics of the pattern matching get pulled towards the immediate needs of the person writing the draft.