On Sun, Sep 11, 2011 at 3:37 PM, <valdis.kletni...@vt.edu> wrote:
> On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said:
>> The current system provides no more authentication or confidentiality
>> than if everyone simply used self-signed certificates.
>
> Not strictly true. The current system at least gives you "you have reached
> the hostname your browser tried to reach". A self-signed cert doesn't
> even give you that.

Really? Even in the face of CAs that have signed certs for existing domains (not to the domain owners)? If I have a Thawte cert for valdis.com on host A and one from Comodo on host B... which is the right one?