Masataka Ohta wrote:
>
> > It is still a hierarchical model of trust. So at the top, if you
> > don't trust Verisign for the .COM domain and PIR for the .ORG domain
> > (and for people who are worried about the NSA, both of these are US
> > corporations), the whole system falls apart.
>
> Right. PKI is fundamentally broken, because its fundamental
> assumption that trusted third parties could exist is a total
> fallacy.

I believe the problem is slightly different.

There is no problem with the assumption that a trusted third party _could_ exist.

Where PKI breaks badly is whenever the third party that Bob selected as _his_ third party is not a third party that Alice has voluntarily chosen herself to trust. Instead, PKI forces Alice to trust dozens of third parties, one or more per every Bob out there.

-Martin