Index: /trunk/tls-centralization/Makefile
===================================================================
--- /trunk/tls-centralization/Makefile	(revision 240)
+++ /trunk/tls-centralization/Makefile	(revision 241)
@@ -2,3 +2,3 @@
 
 mediawikioutput: index.html
-	./mediawikiconversion <index.html >mediawikioutput
+	(echo '[[category:Organic Internet]]' && (./mediawikiconversion <index.html) ) >mediawikioutput 
Index: /trunk/tls-centralization/index.html
===================================================================
--- /trunk/tls-centralization/index.html	(revision 240)
+++ /trunk/tls-centralization/index.html	(revision 241)
@@ -229,21 +229,26 @@
 signature is a statement by the <term>Certificate Authority</term>
 that the <term>public key</term> shown does in fact belong to the
-subject.  You can think of these three parts as a state driver's
-license.  The certificate's <q>key</q> is sort of like the driver's
-license ID number.  The certificate's <q>subject</q> is the driver's
-name, photo, and other identifying characteristics.  The certificate's
-<q>signature</q> is like the hologram on a state driver's license.
-Only the <acronym title="Department of Motor Vehicles">DMV</acronym>
-can make that hologram, and by applying it over the ID number and the
-statistics, the DMV is saying that this particular driver has this
-particular ID number.  The specific format of the certificate used in
-<term>TLS</term> is not a driver's license, of course.  It is
-specified by the <term>X.509</term> standard.
-
-<p><a href="http://www.ietf.org/rfc/rfc3280.txt"><term>X.509</term></a>
+subject.
+
+<p>You can think of these three parts of the certificate as a state
+driver's license.  The certificate's <q>public key</q> is sort of like
+the driver's license ID number.  The certificate's <q>subject</q> is
+the driver's name, photo, and other identifying characteristics.  The
+certificate's <q>signature</q> is like the hologram on a state
+driver's license.  The <acronym title="Department of Motor
+Vehicles">DMV</acronym> plays the role of the <term>Certificate
+Authority</term>.  Only the DMV can make that hologram, and by
+applying it over the ID number and the statistics, the DMV is saying
+that this particular driver has this particular ID number.  The
+specific format of the certificate used in <term>TLS</term> is not a
+driver's license, of course.  It is specified by the
+<term>X.509</term> standard.
+
+<p><a
+href="http://www.ietf.org/rfc/rfc3280.txt"><term>X.509</term></a>
 covers a lot of different things, but for the purposes of this
 discussion, we're only interested in how it specifies the certificates
 used in <term>TLS</term>.  In particular, I want to focus on two
-things: how the server is identified, and how the signature is
+things: how the web server is identified, and how the signature is
 attached to the identity/public key combination.
 
@@ -599,4 +604,62 @@
 server as well, if you needed a server to test browsers.
 
+<h3>Next Steps</h3>
+
+<p>What can you do, yourself?  Depending on how you use computers,
+there are different things you might want to do.  If some of them seem
+confusing or you aren't sure how to start them, ask for help!  There
+are web forums, mailing lists, and user groups filled with people who
+are interested in helping out.
+
+<dl>
+
+<dt>All users</dt><dd>If you are a typical computer user these days,
+using standard tools, you can't switch to this new architecture all by
+yourself yet.  But you can prepare yourself for a move to a more open,
+secure architecture in a number of ways: <ul><li>Adopt free software,
+which are the most likely tools to move to this new architecture
+first.  Start with your web browser: If you are not using Mozilla
+Firefox, Konqueror, or some other free browser as your primary web
+browser, try to make the switch.<li>Learn about encryption by setting
+yourself up with some tools.  You can actually run GPG (an
+implementation of the <term>OpenPGP</term> standard) freely on any
+modern operating system. There are <a
+href="http://enigmail.mozdev.org/">graphical front-ends</a> and <a
+href="http://www.gnupg.org/gph/en/manual.html">tutorials</a< available
+online which might help you get a feel for managing certificates,
+signatures, and alternate authorities.<p>When using your web browser
+with normal <term>HTTPS</term> connections, start checking who the
+issuer is, and thinking about the chains of trust explicitly.</dd>
+
+<dt>Webmaster</dt><dd>If you manage a website, and your site doesn't
+use <term>HTTPS</term>, consider offering it as an option so that your
+users can communicate with your site securely.  For technical reasons,
+this will usually mean that you need your web site to have its own IP
+address.  In the process of doing this, you'll also need to generate
+an <term>X.509</term> certificate, as discussed here.  You can either
+generate your own certificate (self-signed), get a commercial
+<term>Certificate Authority</term> to sign one for you, or you could
+ask for a cert from an alternate CA (such as CACert.org).  Ask your
+system administrator if your web server is one of the few which
+supports OpenPGP certificates.  If it does, generate and install one.
+If you're not sure how to do any of these steps, ask for help!</dd>
+
+<dt>System Administrator</dt><dd>If you maintain a web server which
+offers <term>HTTPS</term>, consider offering support for
+<term>OpenPGP</term> certificates.  If you administer an
+<code>apache</code> server, you might want to experiment with
+<code>mod_gnutls</code> where you would normally use
+<code>mod_ssl</code>.</dd>
+
+<dt>Programmer</dt><dd>If you can read or write code, consider digging
+into one of the software packages above.  If you see features that
+make sense but are not-yet ready for the public, test them and give
+feedback.  If you see features that are needed but lacking, write up a
+proposal and pass it by the primary maintainer of the software,
+offering to implement it yourself if you think you can.</dd>
+
+</dl>
+
+
 <h3>Who will be the new authorities?</h3>
 
@@ -614,6 +677,6 @@
 authority.
 
-<p>And of course, everyone who is aware and interested in these things
-can perform their own certifications, and publish them freely.
+<p>And most importantly, everyone who is aware and interested in these
+things can perform their own certifications, and publish them freely.
 
 <h2>Back to the larger issue</h2>
@@ -656,4 +719,4 @@
 <hr>
 <address></address>
-<!-- hhmts start -->Last modified: Tue Feb 20 10:13:41 EST 2007 <!-- hhmts end -->
+<!-- hhmts start -->Last modified: Tue Feb 20 21:39:19 EST 2007 <!-- hhmts end -->
 </body> </html>