On Jun 10, 2011, at 1:05 PM, Mark Woodward wrote: > > What we need is a mechanism to distribute and verify public keys.
You've just described a certificate authority: a mechanism that distributes and verifies public keys (certificates). What we need is a verification mechanism that is independent of the distribution mechanism. When verification is independent of distribution it is readily apparent when the distribution mechanism has been compromised: verification fails. We need something like the MIT PGP key server: http://pgp.mit.edu/ --Rich P. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss