[Cryptography] Is it time for a revolution to replace TLS?

Ralph Holz ralph-cryptometzger at ralphholz.de
Thu May 15 06:21:23 EDT 2014


> The lack of a single root isn't a failure. It was a very deliberate
> design decision, one that I see no reason to revisit.
> 
> A single root PKI means that whoever controls the root controls
> everything. EVERYTHING. To quote Davros 'that power would set me
> amongst the Gods'.

Except that we now have a multitude of gods and demi-gods. Name
constraints will help a lot, but the plenitude of CAs continues to be a
devastating weakness.

FWIW, the number of organisations (!= certs) in browsers continues to
grow happily.

Ralph

