Folks: is rehashing the blue-sky discussions of how to create a better trust
model for SSL without a stable proposal to look at really a good use of the the
CFRG, SAAG, S/MIME, and PKIX mailing lists?
If you want to be serious about this, please write an Internet Draft and set up
a mailing list for the discussion. Invite people from these lists to join, and
maybe announce revisions to your draft. Be sure to invite people from the
Mozilla security community: they are having their own (perpetually repeating)
discussion of this, again without a stable document to comment on.
We *can* change the security model, but not with the current method of
--Paul Hoffman, Director