I’ve been working on a means to use the already-written X.509/PKIX certificate parsing code to provide services that meet the needs of c2c and b2c communications, as an incremental step over trying to say “you need strong identity” without explaining how it can provide a compelling use case. (Mapping everything to a single non-cryptographically-generated string that is supposed to be globally unique makes very little sense. The key *is* the nym, and there’s no need for any individual, company, or government employer to know about the entire set of keys and nyms that are associated with the same natural person.)

More to your point, the proposal should take into account that the usability considerations for low assurance credentials for low value transactions will likely be very different from high assurance credentials for high value transactions.

Low-value transactions are much more frequent, and more subject to abandonment if the system isn’t easy to use. This is the whole premise behind one-click ordering: the participants in the transaction have determined that the potential for loss due to fraud is less than the potential for lost business due to friction, and are willing to trade off security for ease of use. NSTIC needs to accommodate that.

To put it another way, I don’t mind if the authentication required to refinance my house is onerous, but I’m going to do that very rarely. It’s the common transactions for which ease of use is most important.

A WordPress plugin that I wish existed (maybe it does?) is one that would take a mailing list thread — delivered in mbox format or whatever — as input and convert that to a blog post with comments. Obviously you’d want to check with the thread participants for privacy concerns and such, but really a lot of the emails you write could be blog posts as they stand, and in most cases the followups do not have anything confidential in them.