May I suggest that someone do a little work on proving the trust is transitive, as that is what this is really all about, and if it turns out that trust in not transitive, then what was the point? Maybe if you ask Google about trust transitivity, you all might learn something;-)... Cheers..Stef PS: I trimmed the address list to just IETF;-)...\s At 9:45 PM -0700 6/12/02, Chris Evans wrote: >Then a global PKI protocol server needs to be invented so you can just get the >certs from the domain in question. i dont wanna see DNS system >bogged down by >this stuff. IMHOOC! > >use dns to get the IP and request from its IP the pki doc.. duh. > > >6/11/02 6:51:26 PM, Derek Atkins <derek@ihtfp.com> wrote: > > >David Conrad <david.conrad@nominum.com> writes: > > > >> Why do you think the roots and TLDs would get millions of TCP queries for > >> their certs? Why would anyone want to get the certs of the roots or tlds?