Re: [DNSOP] Practical issues deploying DNSSEC into the home.

ietf

Re: [DNSOP] Practical issues deploying DNSSEC into the home.

2013-09-14 08:39:06

Martin Rex wrote:

There is no problem with the assumption that trusted third party
_could_ exist.


It couldn't.

What organization in US can be trusted against attacks by USG?

Note that Snowden demonstrated that even USG failed to keep its
top secret.

The reason where PKI breaks badly is whenever the third party that
Bob selected as _his_ third party is not a third party that Alice
has volutarily chosen herself to trust.  Instead, PKI forces
Alice to trust dozens of third parties, one or more per every
Bob out there.


In short, PKI is against the end to end principle, because
CAs are intelligent intermediate systems.

But, if CAs were trusted third parties, it means both Alice
and Bob can safely trust them.

                                                Masataka Ohta

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [DNSOP] Practical issues deploying DNSSEC into the home., (continued) Re: [DNSOP] Practical issues deploying DNSSEC into the home., Nicholas Weaver Re: [DNSOP] Practical issues deploying DNSSEC into the home., Phillip Hallam-Baker Re: [DNSOP] Practical issues deploying DNSSEC into the home., Joe Abley Re: [DNSOP] Practical issues deploying DNSSEC into the home., Paul Wouters Re: [DNSOP] Practical issues deploying DNSSEC into the home., Phillip Hallam-Baker Re: [DNSOP] Practical issues deploying DNSSEC into the home., Nicholas Weaver Re: [DNSOP] Practical issues deploying DNSSEC into the home., Phillip Hallam-Baker Re: [DNSOP] Practical issues deploying DNSSEC into the home., Theodore Ts'o Re: [DNSOP] Practical issues deploying DNSSEC into the home., Masataka Ohta Re: [DNSOP] Practical issues deploying DNSSEC into the home., Martin Rex Re: [DNSOP] Practical issues deploying DNSSEC into the home., Masataka Ohta <= Re: [DNSOP] Practical issues deploying DNSSEC into the home., Tony Finch Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon Re: [DNSOP] Practical issues deploying DNSSEC into the home., Masataka Ohta Re: [DNSOP] Practical issues deploying DNSSEC into the home., Nicholas Weaver Re: [DNSOP] Practical issues deploying DNSSEC into the home., Paul Wouters Re: [DNSOP] Practical issues deploying DNSSEC into the home., Theodore Ts'o Re: [DNSOP] Practical issues deploying DNSSEC into the home., Paul Wouters Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon Re: [DNSOP] Practical issues deploying DNSSEC into the home., Theodore Ts'o Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon

Previous by Date:	Re: [DNSOP] Practical issues deploying DNSSEC into the home., Masataka Ohta
Next by Date:	Re: Last Call: <draft-ietf-insipid-session-id-reqts-08.txt> (Requirements for an End-to-End Session Identification in IP-Based Multimedia Communication Networks) to Informational RFC, SM
Previous by Thread:	Re: [DNSOP] Practical issues deploying DNSSEC into the home., Martin Rex
Next by Thread:	Re: [DNSOP] Practical issues deploying DNSSEC into the home., Tony Finch
Indexes:	[Date] [Thread] [Top] [All Lists]