> But Gregory is right, you cannot really trust anybody completely. Even > the larger and more respectable commercial organisations will be > unable to resist <insert intel organisation here> when they ask for > dodgy certs so they can intercept something.. > > No, as soon as you have somebody who is not yourself in control > without any third party verifiably independent oversight then you have > to carefully define what you mean by trust.
i am having trouble with all this. i am supposed to only trust myself to identify citibank's web site? and what to i smoke to get that knowledge? let's get real here. with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all. randy
