> >We're already trusting chains of signficant length (i.e. DNS delegation) > >with no decent verification at all. > > That's a good point. PKI on DNS might not be the most trustworthy system > imaginable, but it would probably be an improvement over no PKI. Provided > it doesn't break DNS... and also provided people don't say "hey, now there's a PKI, so I really can trust it!" Keith