[Cryptography] Certificates and PKI

[John Levine]

>But also: DANE puts registries and registrars in the roles of CA and
>RA. If we think CAs are not a good solution, how is it the
>registries/registrars magically are?

We're stuck with them anyway.  (For the typical click-a-link that CAs
use, registrars and registries are already in the path.)

While I agree that the diligence of some registrars leaves a lot to be
desired, at least this approach has one less point of failure than the
current one.

R's,
John