Theodore Ts'o wrote: > Quibbling over numbers doesn't change the the fundamental premise, > which is that the certificate signing architecture for the web is > considered by some (including myself), to be pretty badly broken. To say so, one CA under US legislation or one CA using key handling hardware made by a company under US legislation is a lot more than enough. Masataka Ohta