Theodore Ts'o wrote: > One of the reasons why the bogus Diginotar certificates were detected > was because Google Chrome had a feature called "certificate pinning" > --- which is not a feature normally associated with PKI's. It has nothing to do with PKI, because security key is directly shared end to end. It is a simple public key cryptography without PKI. > It's > unfortunately not all that scalable, End to end security is inevitably not scalable. > The challenge > is coming up with a solution that *is* more scalable, There is no royal road in secure communication. Masataka Ohta