Re: Apple crypto engineer position available
On 4/14/98, Robert Hettinga blathered on like this:
...Hint 1: Whatsisname Sidhu, who negotiated the world's first RSA license, and who probably could have invented digital commerce on the internet all by himself if he only knew what he had, already bought and paid for, wasted in a mail and LAN protocol, buried in the bowels of the MacOS...
...Anyway, a more clueful Sidhu, (who, to be fair, couldn't have understood what was coming) could have, with just a little of the right prompting :-), taken some of the money you guys gave to, say, Steve, for instance :-), and bought the blind signature patent at firesale prices from DigiCash ($10 million is chump change, even to Apple, even then, :-)) at last year's greater-fools exchange of ownership at "the world's greatest financial cryptography company" (my name, not theirs)....
Quite amazing to look at all of the innovation that went on at Apple and wonder what could have been. From my perspective, the big mistake with Apple's first implementation of crypto was that it was part of an architecture (yep, PowerTalk). After close encounters with this and other wonderfully "flexible architectures", I've learned (the hard way) that this is one of the best oxymorons in computerdom. Architectures seem like wonderful, grandiose ways to solve a bunch of problems at once, but they usually lead a Titanic-like existence, eventually sinking into the abyss and taking almost everything with it, including products, businesses, reputations - you name it.
Well, an amazing thing happened. Just before PowerTalk started taking on serious water, someone managed to throw DigiSign (Apple's digital signature technology based on RSA public keys) into its own life boat; Apple actually built a separate library for DigiSign that didn't require PowerTalk. But, unfortunately, there was a leak in this boat, too. You see, the model for DigiSign's certificates was based on a hierarchy and required a certificate authority and all of the requisite infrastructure. No one had really done this yet so Apple had to do more than create DigiSign and put it into the Mac OS - they had to get this infrastructure in place, too.
Now, even though Apple had the help of RSA and BBN, there was this even bigger problem of just helping people get it. The best way to help people understand technology is to make it accessible so almost anyone can play with it and use it. This is what Apple is known for - making technology so accessible that people just go nuts, doing things with it and taking it places no one ever dreamed. That's how Apple catalyzed the transformation of the publishing industry. Requiring a CA to make DigiSign work simply made this impossible. A peer to peer model, allowing people to create and sign their own certificates would have been far more appropriate for Apple's creative users. Then came PGP...
C'est la vie!
Mark
----
mark@altenberg.com
Now, even though Apple had the help of RSA and BBN, there was this even bigger problem of just helping people get it. The best way to help people understand technology is to make it accessible so almost anyone can play with it and use it. This is what Apple is known for - making technology so accessible that people just go nuts, doing things with it and taking it places no one ever dreamed. That's how Apple catalyzed the transformation of the publishing industry. Requiring a CA to make DigiSign work simply made this impossible. A peer to peer model, allowing people to create and sign their own certificates would have been far more appropriate for Apple's creative users. Then came PGP...
I think Mark makes a mistake in confusing pre-conditions for market acceptance with requirements for market growth.
From the perspective of someone who helped the Web grow from a userbase of less than 100 users I have my own ideas as to why Apple did not succeed with its PowerTalk architecture. I see the lack of commitment to open standards as the key factor.
Consider the attractiveness of a communications system that only communicates from one Mac to another. Today that might be just about adequate for many people's needs, after all the PowerMacs are quite powerful. Back in 1990 however the Mac platform was a rather weedy 68000 with an operating system that was very expensive to develop for and a relatively small market share. If you had a power hungry application in 1990 you had to get a RISC processor which in turn meant like it or not you had to use UNIX (or VMS). Standardising on a Mac only platform just was not going to happen regardless of how great the software was.
To the extent that requiring a CA meant higher startup costs the PowerTalk architecture was flawed. The problem had always been a chicken and egg situation in which PKI applications could not take off without a CA and CAs could not take off without successful PKI applications. PGP cut the Gordian knot and demonstrated that it was _possible_ to have a successful PKI application without a CA.
But that is not to say that a trusted third party cannot add value to an application. PGP validated PKI generally but it did not invalidate the CA concept - in the PGP system everyone is a trust provider, everyone is in that sense a CA. But just because CAs may be dispensed with in a system of 10,000 odd users whose principal concern is confidentiality does not mean they have no role in a system of over 1 million users where the legal enforceability of a signed contract is an issue.
Consider as an example the case in which there are 1,000,000 users and people generally prefer certificate chains to be no longer than three people. That can only be achieved if either people on average sign 100 keys or some people sign a great number of keys (thousands). In my book anyone who is signing over 1000 keys had better have a pretty decent idea of what they are doing and should probably think of themselves as a CA.
The other shortcoming of Apple's approach was not realising that there is a middle ground. To take an example most people think of VeriSign as a CA because of our public CA business (Server certificates, S/MIME certificates). A lot of people who spend a lot of energy blasting our business model don't realise that our enterprise offering, OnSite, is a product which allows other people to set up their own CA outsourcing the expensive to implement Issuing Authority functions rather than handing over control of their enterprise to us. It is true that if folk want to issue certificates which are incorporated into the VeriSign public hierarchy we insist on certain contractual undertakings from them (i.e. if they issue a certificate to Fred Bloggs they take the same steps we would to check it really is Fred Bloggs).
We have already got to the point where we have proved the viability of PKI generally. The question to ask is not what are the preconditions for establishing PKI but how can we grow the PKI market best?
In short Apple's plans were not too crazy from the perspective of where they wanted to get. The fault lay in not understanding how the market could get from where it is to where they thought it should go. They failed to understand that communications products can only be successful as genuinely open standards with ubiquitous support. They saw the PowerTalk architecture as a means to sell more Macs, not as a business in itself.
Phill
At 1:06 PM -0700 4/15/98, Phillip Hallam-Baker wrote:
Now, even though Apple had the help of RSA and BBN, there was this even bigger problem of just helping people get it. The best way to help people understand technology is to make it accessible so almost anyone can play with it and use it. This is what Apple is known for - making technology so accessible that people just go nuts, doing things with it and taking it places no one ever dreamed. That's how Apple catalyzed the transformation of the publishing industry. Requiring a CA to make DigiSign work simply made this impossible. A peer to peer model, allowing people to create and sign their own certificates would have been far more appropriate for Apple's creative users. Then came PGP...
I think Mark makes a mistake in confusing pre-conditions for market acceptance with requirements for market growth.
From the perspective of someone who helped the Web grow from a userbase of less than 100 users I have my own ideas as to why Apple did not succeed with its PowerTalk architecture. I see the lack of commitment to open standards as the key factor.
...
But just because CAs may be dispensed with in a system of 10,000 odd users whose principal concern is confidentiality does not mean they have no role in a system of over 1 million users where the legal enforceability of a signed contract is an issue.
...
The other shortcoming of Apple's approach was not realising that there is a middle ground. To take an example most people...
Lack of commitment to open standards was made obvious by the fact that Apple considered the POP/SMTP plug-in for PowerTalk to be a 3rd party opportunity! However, I was only really talking about the DigiSign stuff, trying not to get sucked into the whole enchilada of discussing why PowerTalk failed.
I have no bone to pick with the CA model. Apple was stuck at the high end of this model when, as Phill points out, many levels of authentication are needed. I simply think that starting with a personal model, more like PGP, would have allowed DigiSign to build some momentum, at least in the Mac market (not a bad place to start). So, it was in fact a pre-condition for market acceptance. Market growth could have been accelerated by just paying attention. As with many Apple technologies, there was never a version 2.0 and 3.0 and so on, to correct for the misconceptions about the market. A lot of people knew what needed to be done, but management usually remained clueless.
Mark
Participants (2): Mark Altenberg, Phillip Hallam-Baker