1/ Question: What should 'the PKI' look like in 10 years?
Replying to @sleevi_
Should it be a PKI per industry? That is, one set of roots/policies for WebPKI, one set for IoT, one set for Point of Sale, one for cars, etc.
Replying to @sleevi_
Should it be the current system? Where there's "one", but browsers are responsible for shepherding it (and dealing w/ other industries)
Replying to @sleevi_
Should it be something new - like a centrally managed PKI (the return of the X.500 Global Directory)?
Replying to @sleevi_
I ask because we are at an inflection point - either browsers bend to accommodate the other systems, or they fragment off. Which is worse?
Replying to @sleevi_
Bending is worse if it means harming security. What's the problem with fragmenting? That the fragmented PKIs will be terrible?
Probably true, however non-browser security is so bad (IoT being extreme example) that CA policy is the least of their problems.
Even if you throw their CA stores to the wolves, more likely they'll fall by an endpoint vulnerability than a CA failure.
If an industry is truly serious about security, they could be accommodated by browsers to extent it doesn't harm security.
A litmus test could be whether you have robust auto-updating. If so, you're probably tall enough to ride the Web PKI.