Policy-Discussion

[Ian G <iang AT systemics.com>]

home_pw AT msn.com
 wrote:

> It was web way of thinking that took a 10 year old std 
> technology (for securing TCP), and in Netscape's hands 
> became SSL and https - an adoption phenomenon. If I had 
> imposed IETF ways of thinkings about the certs in SSL, it 
> would never have got off the ground. I had to seize the 
> moment, and liberate certs from trusted, assured, correct, 
> well reasoned security doctrine. And let them float, in the 
> hands of the folks they were meant to benefit. I wrote my 
> book on dig certs with the same mentality: appeal to the 
> visual basic programmer: don't be afraid of MS cert server 
> just because you don't have a security clearance. Go play 
> with it! Go own it! Go and try! There has to be a google in 
> something that can generate the sheer volume of words used 
> to discuss it!


What book was that?  I can think of a few people to hit with 
it...


> Reliance is a concept word. btw. It doesn't mean reliable, 
> nor does it mean trustworthy; has little nothing to do with 
> security even. Its an accountability mode. I can use your 
> stuff (making you accountable for level A), and then I can 
> rely on your stuff (accountable to level B). Reliance is a 
> class B accountability, where *my* very use has an impact on 
> *you* - who introduced the damn thing to me.


!

iang