On Mon, 9 Sep 2013, Ted Lemon wrote:

> It might be worth thinking about why ssh and ssl work so well, and PGP/GPG don't.

Umm, I question a conclusion that either ssh or ssl work well.

ssh works reasonably well around me because I can help everyone get the details aligned. Even knowing all the rules, I frequently spend time fixing permission issues. Furthermore, the kinds of connectivity generally supported are those used by techies.

ssl works so well that I've never worked in an environment with client certificates. (That was sarcasm, more to follow.) It works so well for me that it took 3 tries to get a certificate and install it for MS Exchange OWA.

I had a server cluster to move to a new data center. Two certificates for two sites. My experience to that point was I had to enter a pass phrase to get the web server to start. Turns out one certificate had a pass phrase and one didn't, so when porting the first site didn't result in a passphrase prompt, I concluded that I didn't have ssl working OR that somehow the passphrase prompt wasn't enabled. I spent hours and hours and didn't figure it out until I ported the second site.

I think there is a common problem for all the variations of encryption. The tools and human interfaces are seriously lacking features needed to make use smooth.

Code signing is another sore spot for me ... the hoops I have to jump through to update the certificate are amazing. Confounded last year by expiration of the root certificate.

Dave Morris