Re: Multiple roots & E2E PKI trust discovery, chain management & capabilities exchange

2005-07-22 14:46:19
Brian E Carpenter wrote:

> Don't forget that
> the uniqueness property of a domain name is used to guarantee uniqueness
> in other, derived, namespaces,

How is it guaranteed? That is, who pays how much if the broken
uniqueness resulted in a loss of, say, $1,000,000?

Without a proper guarantee, based on the amount of money and risk
of each transaction, PKI (including SDNS) cannot be used for
serious security purposes and is merely an overly complex way
for abstract security such as just checking IP addresses
through a 3-way handshake.

                                                Masataka Ohta

PS

PKI has nothing to do with E2E.

As CAs and DNS servers are intermediate systems, neither PKI nor
DNS is E2E.

As intermediate systems, they don't have any information on
the ongoing transaction, so they can't give any real guarantee.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf