Damian Menscher wrote on 2011-09-11:
Because of that lost trust, any cross-signed cert would likely be revoked by the browsers. It would also make the browser vendors question whether the signing CA is worthy of their trust.
And therein is the root of the problem: Trustworthiness is assessed by what you refer to as the "browser vendors". Unfortunately, there is no Trustworthiness assessment of those vendors. The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates. It is nothing more than theatre and provides no actual security benefit whatsoever. Anyone believing otherwise is operating under a delusion.

---
Keith Medcalf
()  ascii ribbon campaign against html e-mail
/\  www.asciiribbon.org