Comment Re:So is that a yes or a no? (Score 1) 92
There are no realistic alternatives. Opportunistic IPSEC never got started, and I am not aware of any other attempts which might actually work. You can replace the CA system with DNSSEC, but that does not solve the entire problem.