[messaging] PKI is dead

carlo von lynX lynX at i.know.you.are.psyced.org
Sat Jan 24 07:35:09 PST 2015

On Fri, Jan 23, 2015 at 01:05:49PM -1000, Trevor Perrin wrote:
> Hi,
> Are we just discussing website login and Web PKI here?
> If there's no direct connection to end-to-end secure messaging, could
> people discuss this elsewhere?

If this is about "web" in the sense of not having a proper
client application, then I have indeed nothing to contribute.

If we think of "website" as some nicely formatted content or
(business) transactions between an entity representing an
organization and an end-user, then the concepts laid out in
end-to-end secure messaging can come into play.

Just like a person can have her public key on a QR code, an
organization may offer authenticated addressing by means of
advertising a public key in the form of a QR code printed on
a brochure or business card.

This implies that the system is capable of routing by public
key, which is the default in most new generation systems.

The same software that provides for end-to-end secure messaging
between people can establish a channel between a person and an
organization, giving the person the security of speaking to the
correct service and leaving it to the user to choose an identified
or a pseudonymous "ego" while interacting with the service.

I believe this is the foundation necessary to establish all
sorts of anonymous or authenticated forms of online business,
including the sorts of business logic where the organization 
only needs to know that it is the same person from last week.

Is this a useful contribution / interpretation of the thread?

