Comment Re:New SSL root certificate authority (Score 1) 129
Thanks for the insult. It hardly stung.
Unless you worked at Netscape in the mid-1990s, no insult was intended.
All I meant is that by the very early 1990s, we (and by "we" I mean people smarter than me; I was clueless at the time) had a pretty good idea that CAs wouldn't work well outside of real power hierarchies (e.g. corporate intranets). But then a few years later the web browser people came along and adopted X.509's crap, blowing off the more recent PKI improvements, in spite of the fact that it looked like it wouldn't work well for situations like the WWW.
Unsurprisingly, it didn't work well. Organizing certificate trust differently than how real people handle trust, 1) allows bad CAs to do real damage, and 2) undermines peoples' confidence in the system.
A very nice way of saying this, is that in hindsight, the predicted problems are turning out to be more important than we thought most people would care about.
Keeping the same organization but with new faceless unaccountable trust-em-completely-or-not-at-all root CAs won't fix the problem. Having "root CAs" is the problem, and PRZ solved it, over 20 years ago.
I expect you to start the project shortly.
It's a little late to start, but I do happen to still be running an awful lot of applications (web browser being the most important one) which aren't using it yet.