Unless I entirely misunderstand this thread, he is saying that the
DNS can be trusted to maintain the binding between my host's public
key and my host's name--WITHOUT using a signed certificate. Before I
die choking on my morning coffee, I would like to know something:
What assurance features and mechanisms does Ran propose to use to
make us trust all the servers in the worldwide DNS system that much?
If I read him correctly, he's assuming a trusted connection to a server
which has been vouched for by some other trusted server, over a trusted
connection. That setup is equivalent to a certificate hierarchy but with
trusted, encrypted channels over which you learn keys substituting for
signatures of those keys.
At some point (perhaps the top server) there needs to be another way to
establish the public key but that's true for certificates anyway.
I'm not pushing this system -- just trying to read his message and answer
your question.
- Carl