[jrapdx3]

I'm wondering how the proposed security model differs from current practices. What you've quoted doesn't seem different. After all, on the web today, data producers send a certificate which the client "verifies". At least the long list of "CA" names in my browser purports to be "verified" by an "authority".

Maybe the point you're making is exemplified by the news item concerning a security breach that was detected after going on for 13 years. (http://cybertinel.com/wp-content/uploads/2014/09/HARKONNEN-O...)

The part that got my attention was the criminals having fooled users into revealing passwords using certificates purchased from CAs (at a total cost of $150,000).

That seems to mean the current CA system is broken. It's not a big surprise that a centralized security concept is in NDN--Verisign is one of its main supporters.