David Wilson wrote: >>The provision is through hops of certificate authorities, > As I clearly stated, As we are discussing on concepts described in two papers, your own statement without proper quotation from the papers does not mean anything. > the actual signing is end to end, The security hole is located not between certificate authorities but within certificate authorities. To quote from the 2001 paper, Transactions based on a wellknown public key can be rather simple two-party interactions that fit well within the end to end paradigm. However, there is a key role for a third party, which is to issue a Public Key Certificate and manage the stock of such certificates; such parties are called certificate authorities. the first sentence roughly corresponds to your statement "the actual signing is end to end", however... And the third parties of certificate authorities constitute a chain, a channel, hops or whatever terminology you might use, which is not end to end. Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf