Whether we pursue auditable CAs / notaries, Convergence, HSTS, user authentication that can do channel binding -- all these options are about keeping the CAs honest by making it too likely that MITMing CAs (whether compromised or by business plan) will get detected. Someone made a comment about elegance. I'm not sure that anything other than making CAs auditable is elegant, but I don't think elegance is really what we're after (though elegance is always nice). I think we're after a PKI where MITMing is not likely to pay off except in relatively rare circumstances (e.g., when a new device is bootstrapping itself), so rare that it isn't worth trying to MITM even in those very few cases.
That would make me like PKI. Nico -- _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
