One of the hidden agendas of the NSTIC is, I suspect, to have the cloud vendors – already sending our log files to NSA for “critical infrastructure protection purposes” – replace the X.509 encoded cert with a JWT encoding (of the same thing). And it's hard to argue why NOT (since the old format is a bit dated). Little changes, one might think – with obvious benefits.
What the old format is doing, not that we intended it this way, is keeping the current web consistent with the attitudes and know-how of the 1995 era web. Rather than the militarized web planned by the US, with the connivance of the cloud vendors.
This is WHY it is JUST SO IMPORTANT to dump the old format – because with it goes the old stuff that is “hard to spy on”.
It also allows all the old PKI ideas to come back (now in the guise of JWTs) – and THIS TIME folks are “going to design” it the way PKI was supposed to be done (which is not the way the web did it).
I wonder if the Microsoft line engineers KNOW that they are part of a bigger plan? Obviously, the indoctrinated product managers do, and presumably use management and communication skills to “ensure all ‘keep the faith’” – and uphold the cover stories.