PKI: no silver bullet, but not worthless either

John Robb's comment -- certification isn't worth doody -- overstates the case. Despite exploitable flaws in the PKI/SSL infrastructure, I would rather transact business with a company that has identified itself to some third party than with a company that hasn't.

I'd also much prefer to transact business with individuals who take the trouble to identify themselves to some third party. The assurance offered by my Thawte freemail cert, while minimal, is far more than what's available in typical email discourse.

Just because PKI has been oversold doesn't mean it should be underestimated. Groove shows us just how seamless the exchange of trust can be for users. Although it presumes a PGP-like model, it was built to be -- and in version 2.0 has become -- a system than works with enterprise and cross-enterprise PKI-based trust. The issues addressed by PKI aren't going away, and the technologies woven into PKI will play out in our lives one way or another.

Former URL: