Re: Global PKI on DNS?


 



Stef,

>Thank You Steve for clarifying your simple little error and 
>correcting the record on what I did or did not say.  I admit that 
>the error was small in commission but you must admit that it was 
>huge in effect, so it is good for you to have corrected the record.
>
>I will assume that it was not intentional.

No, it was not intentional.

>Now, all I did was ask you to offer proof that trust is ever 
>transitive, as a separate sub-question of the general debate, 
>because in my view, this question is central to the reasons for 
>bothering to discuss the rest of this thread.
>
>In short, if trust cannot be proved to be transitive, like DNS zone 
>control delegation is transitive, then there is no reason to 
>continue with PKI designs that ASSUME TRUST IS TRANSITIVE.


	<snip>

The essence of our disagreement is that I don't view the relationship 
between the CAs in a DNS-based PKI to be one of trust. We rely on DNS 
admins to correctly bind addresses to names in the zones they 
control. This is the essence of the semantics of DNS operation. If 
these folks acted as CAs, we would rely on them in the same fashion 
to bind the same names to public keys, which just provides a secure 
mechanism to effect the binding of the name.  If we don't call the 
first relationship trust, then I don't feel we should call the second 
one a trust relationship either.

You use the term "delegation" above and that's critical. In a system 
like DNS which makes clear who is authoritative for which names, I 
don't think the term "trust" is applicable, and that is the crux of 
our disagreement.

On a less polite note, your line of argument has been to saddle me 
with a need to prove something that I have never asserted, which is 
pretty silly, at best. It's not surprising that I continue to decline 
to take a side of a debate that you have tried to define for me and 
which does not represent my position.

Steve

