Re:PKI anyone? (Score 1)

You're right...a central authority...but not controlling in the sense of your comment. There has to be some sort of chaining for this kind of technology to work 'well'. It doesn't do you any good if no one trusts the authenticity of your certificate. Its the same principle as certificates used for SSL enabled websites. Anyone can issue themselves a certificate that enables SSL on their website, but that doesn't mean you trust the authenticity of the site or the owners intentions. Now on the other hand, going to a website that has a certificate that was issued from a trusted authority like Verisign allows your computer to trust the site based on the certificate trusted roots. Your browser make some basic assumptions based on the trusted path of the certificate and assumes that the site is trusted. Verisign doesn't control anything with respect to the certificate. They only vouch for the authenticity of the certificate and it's owner.