Tom,
It's very difficult to write text that accurately conveys the intent and yet is technically precise.
For example, you wrote:
"Without key management at an Internet scale, authentication is often
not possible."
Ephemeral DH exchange is a type of key management, and it works at Internet scale. So, what I think you meant to say, when paraphrasing Viktor (who made the same mistake in the I-D), is something like:
"Authenticated key management at an Internet scale has yet to be achieved."
Later the text says:
"Key management at Internet scale is an incompletely solved problem."
Again, missing the necessary qualifier "authenticated". And later:
The PKIX ([RFC5280]) key management model introduces costs that not all
peers are willing to bear and also cannot secure communications when
either the reference identity *(not defined in the I-D)*
of the peer is obtained indirectly over an insecure channel or the
communicating parties cannot agree on a [root?] certification authority
(CA).
This statement is inaccurate. If peers share a common, trusted CA, they can validate one another's certs, whether that CA is a trust anchor ("root CA") in the Web PKI sense or not.

As you may surmise, I avoided reading Viktor's doc. I will do so now, and provide detailed comments during IETF LC, to address these and other issues.
Steve