I think one of the key things that will help push things forward is and always has been our web of trust, while on the surface it seems like just a way to unlock features on the website such as increasing the length of time certificates are valid, or getting your name/company details onto certificates. However in my opinion the big advantage, which is currently largely unrealised, that our web of trust over most other internet identity schemes is that it is technology neutral, and this gives us an advantage over things like the PGP web of trust which is locked to a specific technology. If at any time in the future they move away from PKI and x509 certificates we can simply integrate the technology into our system and keep going like we always have been.

Also an insightful comment submitted on the previous post suggested that if we managed to convert 10% of self signed websites, we’ll be well on our way to having a lot more mind share, and I guess this is where things like inclusion in the Debian ca-certificates package start to become significant, because this can then be leveraged to make it easier for certificate chaining once we start offering the option to have certificates signed by a higher trust certificate for those with 50 points or more, which hopefully will be within the next 24 hours all going well!

So I guess this begs the question if anyone have any contacts with any distros or other high profile sites using self signing, that we can talk to or if you’re able to convince them to start getting their certs signed by us it would push things along that little bit further that little bit quicker, and of course getting assured will improve the over all trust of the network, especially the more inter-twined it becomes.