Hannes Tschofenig wrote: > The PKI concept by itself does not say how many trust anchors you need > to use at your client. You are complaining about the way how the WebPKI > looks like and how the CA/Browser Forum is handling their business. > Allowing new trust anchors to be added means giving new CAs a chance to > enter the market. Why do you insist on counting the number of Angels so much? > Let's say we only have one trust anchor. A CA under US legislation, a CA key management hardware/software is developed by a company under US legislation or a CA a few key managing personnel of which are under US legislation is a lot more than enough. Note that root zone of DNSSEC is managed by ICANN/ISOC incorporated in US. > There have been various ideas on how to improve the PKI, and the IAB has > a security program that aims to make some progress in that area. I'm tired of reading lengthy abstract nonsenses. A simple and concrete example could help you convince people. > I am > currently working on a draft update of > http://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution based > on the feedback I have received. A draft with 19 pages is already too bad on such a simple problem only to have obscurity instead of security. > Finally, in your threat model, however, the use of a DH will also not > help since you have, as stated, the MITM attack at the ISP. As I wrote in a recent mail: the problem for PKI is that, assuming active MITM attacks both on ISP chains and CA chains, it offer no better security than DH, my point is that complex PKI, which you are trying to make even more complex, is no more secure than simple DH. It does not mean DH is very secure. Masataka Ohta