Theodore Ts'o wrote: > More importantly, what problem do people think DNSSEC is going to > solve? Insufficient revenue of registries. > It is still a hierarchical model of trust. So at the top, if you > don't trust Verisign for the .COM domain and PIR for the .ORG domain > (and for people who are worried about the NSA, both of these are US > corporations), the whole system falls apart. Right. PKI is fundamentally broken, because its fundamental assumption that trusted third parties could exist is a total fallacy. Masataka Ohta