Stephen Kent wrote:

> Your example does not require cross-certification. It only requires that the relying parties be members of, or have access to the (CA) credentials for, the communities to which the individuals belong. Cross certification is one way to accomplish this, but it is not the only way.

Cross-certification is the way to do it automatically, tamperproof and that. But PKI does not work with cross-certification, so cross-certification must not be useful ;-)

> You keep asserting that a single root does not permit scaling, but I have yet to see a good argument supporting that assertion.

;-) For starters, just read your own emails in this thread. You mentioned at least two reasons why a single root is not good for PKI.

My reasons include the observation that a single point of control is also a single point of failure. One perverse aspect of the single root is, thus, that as the PKI grows and the single root gathers all the liability, there is a point after which the liability at that single root may not even be insurable. Just think of it: all world e-commerce compromised because of one snafu at one point? This would be involution, not evolution.

> In part this seems to result from your approach to defining a PKI, a definition not consistent with most others in the literature.

I have not defined what a PKI is. I guess there are already plenty of definitions around. I just said that a PKI would need to be an infrastructure -- that pesky "I" at the end of PKI. But failure to be an infrastructure is IMO one of the reasons why PKI is at a dead end.

The DNS, OTOH, is an infrastructure. Mixing both will reduce the infrastructure property of the DNS, reduce interoperation and alienate business drivers. There are many problems with the DNS, surely. I have catalogued more than forty serious problems. But the DNS has scaled from 10^4 users to almost 10^8 users without much change. We should be careful in adding a limited technology such as PKI to the DNS.

The converse seems to be more reasonable -- using the DNS to add distribution channels (for certs and revocation information) to a PKI. This can be done right now.

Cheers,

Ed Gerck