

Will DANE make CAs obsolete? - ademarre
http://www.sslcoop.org/blog/index.html

======
ademarre
> _The mode of DANE which I, personally, find to be the most intriguing, is
> one which specifies which CA should have issued a certificate. This is
> amazingly awesome, because as it stands today, the entire CA trust model is
> only as strong as the weakest CA in the global trust store._

Hear hear. Today's root-store trust model is bad, and we need an upgrade.

