[cap-talk] Firefox and identifiability, small steps or large

[David Hopwood]

Ian G wrote:
> I think we are all agreed that the PKI
> model as deployed is "broken or in need
> of radical repair."
> 
> However, where I think I differ from
> some is that I don't see that it is possible
> to change the model that is in place that
> much.  In that, I know of no event that is
> likely to cause the browser manufacturers
> to change their code base over drastically
> and put in a new security model.

The "browser manufacturers" are not just Netscape and Microsoft any
more. It really is practical to fix the open source browsers to do
whatever we want; that solves part of the problem. The next problem
would be to convince browser distributors (who are just developers
like us), by rational argument, that these patched versions should
be the "official" versions. In any case we won't get anywhere by
assuming that it isn't possible to change anything.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>