> The technical skill of most of the individuals in this debate is not > in the area of security. Also, there has been a very big PR campaign > for many years that was designed to cause people to equate explicit > trust and PKIs, because those who funded the campaign were public CAs > requiring such trust. That campaign has been effective in creating a > perception among many folks, technical or not, intelligent or > otherwise, and it is this perception that clouds this discussion, in > large part. actually, that perception - which you admit is real - is part of what makes the DNS PKI dangerous. it's what makes it so likely that DNS PKI will be misused and that the trust placed in it will be abused.