jamesh:The free software CA idea is
interesting. I have been thinking about issues surrounding
Certificate Authorities a good deal recently. Pretty much
all of the projects I am working on at work end up
requiring certificates all over the place. Servers need
them, but people also need some form of them. Since these
are all higher education projects, it seems like a lot of
people will be using this stuff once it is finished. The
licenses on the projects are all Free, but I'm worried
about the tens of thousands of needed certificates. It
doesn't seem like that aspect of things scales very well.
But I do think that absolute certificates are needed,
rather than an advogato-style trust metric, since in this
case trust is a binary issue. Trust is a hard
problem....you have to implement a system where you can be
sure that no untrustorthy people get trust, but it can't be
overly hard to use, or cost too much, and ideally no
trustworthy person should be denied trust.