Correction: A single global rooted PKI is a bad idea, a single global (in the namespace sense, not a single system) PKI database where we can look up certificates is a good idea. At 07:39 PM 6/9/2002 -0400, Keith Moore wrote: > > I was wondering if the best system to build a global PKI wouldn't be the > > DNS system already in place? > >A global PKI is a Bad Idea. Nobody is sufficiently trustworthy to be the >root CA. > >Keith