Over on "old thing new thing" a blogger asks whether users would know the difference between one bicycle helmet certifying authority from another.
Microsoft should allow orgs that are peers of WHQL [to] certify drivers and allow drivers to obtain certs from any such org or set of such orgs as they choose. Over time users would know which orgs were on the ball and which had agendas.Would they?
Yes, they would. But not through the mechanism that was described.
In any market there are 90% of the people who know next to nothing about it. That's the "buy bicycle helmet with XXX certification" crowd as described in the post. These people rely on the 9% who do know.
The 9% who do know are those who are more interested amateurs and less interested insiders. This group knows about all gossip and chitchat and what is good and what is bad and who is on the up and who is on the skids. This group is the one that warns everyone when a particular standard or organisation is "not good" and others are "good."
Then there is the 0.9% who actually really truley know. They understand the field, in depth. These are the ones who make the determination that certain things are not good, and they write long and detailed arguments on the problem. Rants. They scan looking for facts and events and what-have-you and integrate them into the ongoing argument. They debate back and forth with their opponents until a consensus is achieved.
Finally, this small group of critics pass the results on to the 9% who spread it more broadly.
(The remaining 0.09% are the people who actually discover and predict the failures before anyone else ... but nobody listens to them until enough evidence has accumulated. These are the crazies who are eventually proven right, but nobody remembers that part. When the questions are raised they are there in advance with the facts and stories for the 0.9% to debate and put into a more accessible format. We don't like to admit this group exists, and we'd never credit them with influence.)
This is called open governance. It happens when regulators are not present. It works in the unregulated currency field. And it will probably work with Certification Authorities, but only if the browsers step aside from the judgment game and put the name of the CA on the chrome.
Only when the users have reason to ask the 9% what Verisign means, will the 9% ask the 0.9%. (Etc.) But it has to happen in a "pull" fashion, there has to be a question to ask before any debate on governance can start.
Posted by iang at January 4, 2006 07:54 AM | TrackBackThe helmet case is actually rather instructive.
The Snell Memorial Foundation devised and promulgated the Snell standards when a helmet failed to protect a driver. The superiority of the Snell standards is pretty well established.
Posted by: Chris Walsh at January 4, 2006 11:31 AM