Keith Moore <moore(_at_)network-heretics(_dot_)com> wrote:
please figure out how to make DNS more reliable, more in sync with the
world, and less of a single point of failure and control, before
insisting that we place more trust in it.
A while back, in the SIDR mail-list, a banking-level wish-list was
published:
]
] - That when you establish a discussion with endpoint you are (to the
] best of current technology) certain it really is the endpoint.
]
] - That you are talking (unmolested) to the endpoint you think you are
] for the entirety of the session.
]
] - That what is retrieved by the client is audit-able at both the
] server and the client.
]
] - That retrievals are predictable, and perfectly repeatable.
]
] - That the client _never_ permits a downgrade, or unsecured retrieval
] of information
]
] - That Trust anchor management for both the client ssl and the PRKI
] is considered in such a way that it minimises the fact there is no
] such thing as trusted computing.
How much of this is it reasonable to ask the DNS to do?
--
John Leslie <john(_at_)jlc(_dot_)net>
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf