"Robert" == Robert Elz <kre(_at_)munnari(_dot_)OZ(_dot_)AU> writes:
Robert> There's a simple reason why the DNS isn't suitable as a PKI,
Robert> and it has nothing to do with transitivity of trust, and nothing
Robert> to do with DNS packet size limitations, or root server workloads.
Robert> It is that DNS admins did not sign on for the job of authenticating
Robert> anything (with the possible exception of the DNS itself). That's
Robert> not what they do, and for most DNS admins & operators isn't something
Robert> they have any interest in doing.
Okay, so they won't do that, and they won't secure their zones, or provide
keys in their zones.
Don't tell *me* what I can and can't do.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr(_at_)sandelman(_dot_)ottawa(_dot_)on(_dot_)ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [