On 10 Aug 2014, at 19:35, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
From those perspectives, a registrar or registry who might
collude with a criminal registrant to create deliberately
deceptive names and associated registration data (or whose
procedures allow similar results without explicit collusion) is
fully as much part of the threat model as a CA that issues
certificates without any attempt to verify the identity of the
entity being certified or who colludes in deliberately hiding or
distorting the information.
As far as I can tell, we don't have a good word to describe what
DNSSEC does.
Roy Arends used to call it “expensive error checking”.
The only word left to argue about would be “expensive” as that is relative to
the value of that being checked.
Joao
signature.asc
Description: Message signed with OpenPGP using GPGMail