On Fri, 6 Jun 2003, Haren Visavadia wrote: > Dave wrote: > > Only a fool would accept a self-signed certificate > > CA certificate is self-signed. > > Are you suggesting CA should cross sign each others certificates? > If a root certificate is installed by a process you choose to trust, it is not self signed. Self signed in my experience refers to the ability frequently used internally for QA labs where there is no accepted root server. Even if the root cert, installed by my explicit or implicit approval, is used to sign another cert from the same organization, that second cert isn't self-signed. FWIW, for UBM suppression, I'm not concerned about my grand parents understanding trust models. Meaningful trust boundaries must begin with the MTA. The MTA owns the trust issue between itself and individual MUAs. As Phill implied, the cost of security must be less than the value of the protected entity. If major operators of MTAs discover that a particular CA root private key is compromised. Addressing the problem quicky should be easy, if the possiblity was anticipated. Will that protect every user, no, but costs here are based on the scale of the activity, not individual occurances (as is any value received from sending the UBE) so getting rapid response from 20-100 MTA operators is likely to be effective. Dave Morris