Michael Markstaller wrote: [...]
Anyone who thinks it's useful to talk about (long-term!) Root-CA services by (RIR)/RIPE?
Caveat: very personal and non-PC point of view! I consider the whole concept of tree-structured CAs an architectural failure. With that in mind, I do not want to see the NCC drawn into that swamp. It just increases the NCC's attack surface. The NCC will be forced to deal with quite a big number of these fundamental issues eventually, within the context of RPKI, though...
Instead of commercial instances that just print money and sell them in case without anything (just price) to dictators like *.google.com
Any attempt to manage trust as a commodity and to sell it in a competitive market, where the majority of customers and consumers (with a broad definition of both) do not understand the technology and the risks - is doomed to fail. Unfortunately, I do not have a workable, scalable alternative solution to propose :-( Wilfried.