I used to work on PKI and this right here would have the old guard of system security architects up in arms:
> 90% of that guff can be automated and hidden underneath a good UI, but can we
> dispense with the need for key exchange parties? Absolutely we can.
So who builds this "good UI that everyone trusts"? Without details of how this works, there is no way this system can grow. There is no way to have efficient key exchange except though an arduous process of everyone creating this mesh of trust manually. PKI creates this "good UI everyone trusts" with a bad UI that everyone trusts which has turned into these 4 companies that are mentioned in the article. It sounds good, but it's an iron triangle.
