On Sun, Oct 03, 2010 at 11:14:23AM -0400, Phillip Hallam-Baker wrote:
> What is actually being proposed is to replace the fifteen year established
> system of CAs with a new scheme starting in November.

[. . .]

> I really don't think that we want to replace the existing infrastructure a
> new PKI designed by people who claim not to understand the issues involved.
> As the proposers of this scheme have done repeatedly.

Suppose all of that is true (and I think it's a gross
misrepresentation of the situation, but never mind that), so what?
Presumably, if this new PKI sucks as much as you say it does, nobody
will use it, and no harm will come.  If it's a kind of snake oil that
appeals to the clueless (i.e. it sucks as much as you say it does, but
it's jumped up and marketed in a way that lures people who don't know
any better), then it will have some spectacular failure and everyone
will thenceforth avoid it.  So what's the problem, even if things are
as bad as you say?

Also, why isn't this on the list devoted to this discussion (followup set)?

A

-- 
Andrew Sullivan
a...@shinkuro.com
Shinkuro, Inc.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to