Phillip,
> Yes, ICANN took advantage of a large existing knowledge base to create a
> method of securing the root KSK. It would have been foolish to do otherwise.
> David asserted that the processes used by ICANN provided greater security
> than those for PKIX PKI, I was pointing out that the claim made is false.
This is the second time you have falsely claimed I have made assertions that I
have not.
Please stop.
I have said precisely nothing about the processes of the PKIX PKI other than I
understood the operation of the DNSSEC root KSK to be more public and open than
"the operation of (many? most? all?) commercial CAs".
If you disagree with that statement, please provide evidence that shows
commercial CAs operating at least as openly and transparently as ICANN's
handling of the DNSSEC root KSK.
Whether this increased level of openness/transparency provides greater security
may be an interesting topic to explore, but I have not made any assertions to
that effect in this thread.
> When someone repeats FUD after having the issue explained to them repeatedly
> I tend to start speaking plainly.
Again, you appear to be having conversations outside of the context of this thread
and misattributing those conversations.
Please stop.
If you have evidence I have repeated FUD, please provide it.
> So I don't have to fix DNSSEC, all I need to fix here is to have David and
> others stop making claims for the protocol that are not supported by evidence.
I am unaware of any claim I might have made regarding DNSSEC that is not
supported by evidence. Can you please provide a reference to such a statement?
Thanks.
Regards,
-drc