
Re: [DNSOP] Practical issues deploying DNSSEC into the home.

2013-09-13 18:08:26
Masataka Ohta wrote:

It is still a hierarchical model of trust.  So at the top, if you
don't trust Verisign for the .COM domain and PIR for the .ORG domain
(and for people who are worried about the NSA, both of these are US
corporations), the whole system falls apart.

Right. PKI is fundamentally broken, because its fundamental
assumption that trusted third parties could exist is a total
fallacy.

I believe the problem is slightly different.

There is no problem with the assumption that trusted third party
_could_ exist.

The reason where PKI breaks badly is whenever the third party that
Bob selected as _his_ third party is not a third party that Alice
has voluntarily chosen herself to trust.  Instead, PKI forces
Alice to trust dozens of third parties, one or more per every
Bob out there.

-Martin
