ietf
[Top] [All Lists]

Re: [DNSOP] Practical issues deploying DNSSEC into the home.

2013-09-12 06:34:17
Theodore Ts'o wrote:

More importantly, what problem do people think DNSSEC is going to
solve?

Insufficient revenue of registries.

It is still a hierarchical model of trust.  So at the top, if you
don't trust Verisign for the .COM domain and PIR for the .ORG domain
(and for people who are worried about the NSA, both of these are US
corporations), the whole system falls apart.

Right. PKI is fundamentally broken, because its fundamental
assumption that trusted third parties could exist is a total
fallacy.

                                                        Masataka Ohta

<Prev in Thread] Current Thread [Next in Thread>