specifically with respect to SSL server certificates ... their primary objective was supposedly to overcome shortcomings in the domain name infrastructure integrity (and as stated, most of the SSL server certificate issuing entities actually also have dependencies on that integrity). Fixes for the integrity of the domain name infrastructure ... eliminates the domain name infrastructure as a business case/justification for the existence of those certificates.

Specifically with respect to SSL server certificates, the remaining issue is possibly merchant/server trust (not trust with respect to internet operational integrity ... but business/fraud trust with respect to the business operation of the merchant/server). Establishing that trust goes beyond just having the comfort that if you are defrauded that you might be able to identify the guilty party. That can be addressed with an online BBB &/or consumer report type of service providing real-time information.

Eliminating both justifications for SSL server certificates ... then makes the vast majority of the existing SSL server certificates redundant and superfluous (and I believe would severely impact the business case justification for setting up an operation to provide such a service).

Now this is applicable to the current existing dominant PKI deployment in the world today (possibly accounting for 99.999999999% of instances where there is a certificate transmitted and a client checks the contents of that certificate). It possibly is not applicable to any other hypothetical PKI implementation which may or may not currently exist.

Ben Laurie <ben@algroup.co.uk> on 11/19/2000 05:03:20 AM