To:
Simon Josefsson <simon+keydist@josefsson.org>
CC:
James Seng/Personal <jseng@pobox.org.sg>, Greg Hudson <ghudson@MIT.EDU>, keydist@cafax.se
From:
Steve Hanna <steve.hanna@sun.com>
Date:
Fri, 04 Jan 2002 14:23:42 -0500
Delivery-Date:
Fri Jan 4 20:25:44 2002
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
"James Seng" <jseng@pobox.org.sg> writes: > Another business model fault. PKIX is designed to be hierarchical. No, that's not true. PKIX supports any topology: hierarchical, mesh, star, bridge, etc. PEM and the original X.509 were hierarchical and assumed a single global trusted root, but that was changed more than five years ago. Simon Josefsson wrote: > "James Seng/Personal" <jseng@pobox.org.sg> writes: > > Unfortunately, "I get X dollar per cert" model prevents this from > > happening. Imaging if InterNIC started to charge "$1 per host" and not > > "$35 per domain" in 1995, we likely end up the same for DNS too. > > We are headed in that direction with opt-in anyway, I think. It will > cost $35 to get foo.com but $35^x to get a foo.com that is DNSSEC signed. This is one big problem with having a monopoly. You get monopoly prices. Let's not design another system that requires us to use this monopoly. Verisign charges thousands of dollars *per machine* for SSL server certs. -Steve