On Sun, Oct 03, 2010 at 11:14:23AM -0400, Phillip Hallam-Baker wrote: > What is actually being proposed is to replace the fifteen year established > system of CAs with a new scheme starting in November.
[. . .] > I really don't think that we want to replace the existing infrastructure a > new PKI designed by people who claim not to understand the issues involved. > As the proposers of this scheme have done repeatedly. Suppose all of that is true (and I think it's a gross misrepresentation of the situation, but never mind that), so what? Presumably, if this new PKI sucks as much as you say it does, nobody will use it, and no harm will come. If it's a kind of snake oil that appeals to the clueless (i.e. it sucks as much as you say it does, but it's jumped up and marketed in a way that lures people who don't know any better), then it will have some spectacular failure and everyone will thenceforth avoid it. So what's the problem, even if things are as bad as you say? Also, why isn't this on the list devoted to this discussion (followup set)? A -- Andrew Sullivan a...@shinkuro.com Shinkuro, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop