On Sep 6, 2013, at 2:06 PM, Måns Nilsson <mansaxel(_at_)besserwisser(_dot_)org>
wrote:
Right, because there's no way the NSA could ever pwn the DNS root key.
It is probably easier for NSA or similar agencies in other countries
to coerce X.509 root CA providers that operate on a competetive market
than fooling the entire international DNS black helicopter cabal.
Probably the wrong place to apply the paranoia. How much do you trust the AEP
Keyper HSM tamperproof blackbox hasn't had a backdoor installed into it at the
factory?
Audit and open source seem to be good starting points.
Where feasible, sure. Unfortunately, the rabbit hole is deep. How many
billions of transistors are there in commodity chips these days?
Regards,
-drc
signature.asc
Description: Message signed with OpenPGP using GPGMail