Re: all terribly nice now how do you prevent Certificate Authorities screwing up
I'd be quite happy with DNSSEC protected text records providing the public key for any service.
It's completely out of band and of all the groups in the world we have come to trust... those looking after the DNS root are pretty high on the list, and actually so are the major TLD bodies (theiving scum they might be, but they have historically provided a pretty good technical service in terms of DNS at any rate)
Biting the hand that feeds IT
