> Correction: A single global rooted PKI is a bad idea, a single global (in > the namespace sense, not a single system) PKI database where we can look up > certificates is a good idea. assuming that you can keep the folks who control the TLDs from trying to sell themselves as authoritative CAs for those TLDs, I mostly agree. Keith