ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end

2009-06-14 04:44:42
from [Florian Weimer] [Permanent Link] 
* Phillip Hallam-Baker:


OK, how do you do that if the ICANN root is baked into your broadband
router? How about a light switch?


Nowadays, there are software update protocols for broadband routers,
too.


You can change the signing key, but distributing and embedding the
verification key is a whole different issue. The reason that VeriSign
can charge a premium for certs is because its verification roots are
the most widely embedded.


No, Verisign's pricing is based on branding.  "Verisign" is just the
most valuable brand, so certificates associated with it cost the most.
Verisign also issues certificates under a root called "Equifax", which
are far cheaper but functionally equivalent.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: End to End Secure Protocols are bogus., Florian Weimer
Next by Date:  Re: End to End Secure Protocols are bogus., Ralf Weber
Previous by Thread:  Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Stephen Kent
Next by Thread:  Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]