
Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-17 17:39:06
Hannes Tschofenig wrote:

> The PKI concept by itself does not say how many trust anchors you need
> to use at your client. You are complaining about the way the WebPKI
> looks and how the CA/Browser Forum is handling their business.
> Allowing new trust anchors to be added means giving new CAs a chance to
> enter the market.

Why do you insist on counting the number of Angels so much?

Let's say we only have one trust anchor.

A CA under US legislation, a CA whose key management hardware/software
is developed by a company under US legislation, or a CA a few
key managing personnel of which are under US legislation is
a lot more than enough.

Note that root zone of DNSSEC is managed by ICANN/ISOC incorporated
in US.

> There have been various ideas on how to improve the PKI, and the IAB has
> a security program that aims to make some progress in that area.

I'm tired of reading lengthy abstract nonsense.

A simple and concrete example could help you convince people.

> I am currently working on a draft update of
> http://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution based
> on the feedback I have received.

A draft with 19 pages is already too bad on such a simple
problem only to have obscurity instead of security.

> Finally, in your threat model, however, the use of a DH will also not
> help since you have, as stated, the MITM attack at the ISP.

As I wrote in a recent mail:

   the problem for PKI is that, assuming active
   MITM attacks both on ISP chains and CA chains, it offers no
   better security than DH,

my point is that complex PKI, which you are trying to make even
more complex, is no more secure than simple DH.

It does not mean DH is very secure.

                                                Masataka Ohta