[denart2203]

Is anyone else increasingly uncomfortable with the "we'll solve the certificate problem by deferring to centralized registrars that surely keep their keys private from state actors." I mean, this is potentially not a risk if there is a recognizable way of communicating low-bandwidth fingerprints of the next encryption level, like ZRTP verification on voice. But note how WebRTC has done the same thing? And efforts to solve the problem are talked about and then, somehow, nothing ever happens with the standards.

It's enough to drive one paranoid.