Randy Bush wrote: > i'll try once again, > http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf It correctly states: 1,800 entities that are able to issue certificates vouching for the identity of any website that is one insecure entity is a lot more than enough. Phillip Hallam-Baker wrote: > Their number of intermediate certs is more accurate. But they make > the same mistake of conflating an intermediate cert with control > of a CA. Why do you insist on counting the number of Angels when just one fallen one is a lot more than enough? A CA a few key managing personnel of which are under US legislation is a lot more than enough. Masataka Ohta