Eliot Lear wrote:

> What I was referring to was
> Ohta-san's implication that PKI is fundamentally flawed. Perhaps it is,

Perhaps. Though my statement so far is PKI is not strongly secure, it implies that you can choose from equally secure design alternatives. See below.

> but I don't see anything better for key distribution to millions of
> people. If you, he, or anyone else comes up with something better, I'm
> all ears.

Though I'm not so sure about your requirement, if you need a fairly secure key distribution mechanism over the Internet, KDC, not CA, based schemes such as Kerberos, is better than PKI.

Though KDCs require real time communication, it's free over the Internet.

Moreover, because key distribution is in real time, key invalidation is instantaneous without complex mechanisms such as CRLs. That is, you can shut down a spam site instantaneously.

Or, as you are trying to create a new key distribution network from the beginning, it should be easier to create a new mail distribution network from the beginning where mails are allowed only between pre-recognized bodies.

A very good property of this approach is that we don't need any cryptography nor new protocol.

Just have a list of IP addresses of thousands or tens of thousands of root mail servers and set up our mail software to accept mails only from them or our own proxy and send mails only to them through proxies registered to a root mail server or two or three...

Setting up a new mail network is hard but, IMHO, much easier than setting up a new PKI.

Though neither of the above protects us from spams from cracked accounts, we are not annoyed by delays with CRLs.

Of course, CAs, ISPs, KDCs and root mail servers are not very trustworthy but they should increase the cost of spammers.

Masataka Ohta
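The revocation-latency argument in the message above (a KDC consulted for every session versus a relying party working from a cached CRL), as an added toy model that is not part of the original message. The class names, the host name `spam.example`, the 24-hour CRL refresh interval and the hourly connection attempts are constructed assumptions.

```python
import os

class Authority:
    """State held by a CA or a KDC: who is enrolled and who has been revoked."""
    def __init__(self, members):
        self.enrolled, self.revoked = set(members), set()
    def revoke(self, name):
        self.revoked.add(name)

class CrlVerifier:
    """Relying party in the CA model: trusts its cached CRL until it is due for refresh."""
    def __init__(self, ca, refresh_hours):
        self.ca, self.refresh_hours = ca, refresh_hours
        self.cached, self.fetched_at = set(), None
    def accepts(self, sender, now):
        if self.fetched_at is None or now - self.fetched_at >= self.refresh_hours:
            self.cached, self.fetched_at = set(self.ca.revoked), now  # fetch a fresh CRL
        return sender in self.ca.enrolled and sender not in self.cached

class KdcVerifier:
    """Relying party in the KDC model: each new session needs a key from the online KDC."""
    def __init__(self, kdc):
        self.kdc = kdc
    def session_key(self, sender):
        if sender in self.kdc.enrolled and sender not in self.kdc.revoked:
            return os.urandom(16)  # stand-in for a real ticket or session key
        return None
    def accepts(self, sender, now):
        # Models new sessions only; tickets issued before revocation are not modelled.
        return self.session_key(sender) is not None

def first_rejection(verifier, authority, sender, revoke_at, attempts):
    """Hour of the first refused connection, or None if never refused in the window."""
    for now in attempts:
        if now >= revoke_at:
            authority.revoke(sender)
        if not verifier.accepts(sender, now):
            return now
    return None

def compare(refresh_hours=24, revoke_at=5, horizon=48):
    """Run the same revocation (constructed scenario) against both models."""
    models = (("crl", lambda a: CrlVerifier(a, refresh_hours)), ("kdc", KdcVerifier))
    results = {}
    for label, make in models:
        authority = Authority({"spam.example"})
        results[label] = first_rejection(make(authority), authority, "spam.example",
                                         revoke_at, range(horizon + 1))
    return results

if __name__ == "__main__":
    print(compare())
```

With these constructed numbers the CRL-based verifier keeps accepting the revoked sender until its next scheduled refresh, while the KDC-based verifier refuses the first new session after revocation.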