>I get a headache every time I even think about residential
>persons, much less their CAs. The existing scheme for
>distributing knowledge about which DSA "has" the entry
>for a particular organization is bad enough, but trying to
>distribute that knowledge across a dozen ADDMDs for
>say 300,000,000 users is simply NOT going to work.
Remember your NADF course for US domain. The US postal service already
maintains the CAN, and the master residential database which will serve
as the shared DIT for the residential namespace.
The US registry of official certified authentication domains already
exists, and constitutes a sovereign government initiative. Is it *the*
US national registry? Well thats why I want to know what MIT are or are
not doing.