>In a system >like DNS which makes clear who is authoritative for which names, I >don't think the term "trust" is applicable, and that is the crux of >our disagreement. The problem is that, although the owner of the domain is authoritative for who gets to use which name, that doesn't mean their users want them to issue certificates. The first requires that the owner trusts the users; the second requires that the users trust the owner. And trust is not symmetric. /========================================================\ |John Stracke |Principal Engineer | |jstracke@incentivesystems.com |Incentive Systems, Inc.| |http://www.incentivesystems.com |My opinions are my own.| |========================================================| |But this one goes to 11x. | \========================================================/