On Sat, Dec 26, 2015 at 10:11 PM, John C Klensin <john-ietf@xxxxxxx> wrote: > > > --On Saturday, December 26, 2015 9:52 PM -0500 Phillip > Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote: > >>... >> One of the issues people don't seem to consider in these >> schemes is that merely reducing the number of trusted >> intermediaries from ~40 to one doesn't actually remove >> reliance on trusted third parties, it merely removes all >> choice in the matter. > > And even that equation tends to be complicated by the > observation that the trust relationship, as far as certification > of identity is concerned, is with the registrars (and, in some > cases, their agents and resellers) rather than with the > registries. At that point, the number of trusted intermediaries > gets back toward order 40 or 100, not one, unless the question > is "do you control this domain" rather than "are you who you say > you are". > > john >