[Cryptography] Opening Discussion: Speculation on "BULLRUN"
David Mercer
radix42 at gmail.com
Sat Sep 7 15:44:18 EDT 2013
On Sat, Sep 7, 2013 at 2:19 AM, ianG <iang at iang.org> wrote:
> On 7/09/13 10:15 AM, Gregory Perry wrote:
>
> Correct me if I am wrong, but in my humble opinion the original intent
>> of the DNSSEC framework was to provide for cryptographic authenticity
>> of the Domain Name Service, not for confidentiality (although that
>> would have been a bonus).
>>
>
>
> If so, then the domain owner can deliver a public key with authenticity
> using the DNS. This strikes a deathblow to the CA industry. This threat
> is enough for CAs to spend a significant amount of money slowing down its
> development [0].
>
> How much more obvious does it get [1] ?
>
> iang
>
I proposed essentially this idea around 10 years ago on the capabilities
list, using custom TXT records and some hackish things that are/were
sub-optimal due to DNSSEC being more of a pipedream then than it is now to
deliver public keys for any arbitrary purpose. I only went so far as to
kick around design ideas on and off-list back then under the tag-line of
objectdns (as in being able to locate and connect to any arbitrary object
via a public key crypto connection) and registering the domain objectdns.com.
Things stalled out there due to my lack of copious free time.
David Mercer - http://dmercer.tumblr.com
IM: AIM: MathHippy Yahoo/MSN: n0tmusic
Facebook/Twitter/Google+/Linkedin: radix42
FAX: +1-801-877-4351 - BlackBerry PIN: 332004F7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130907/f45d9ff1/attachment.html>
More information about the cryptography
mailing list