<div dir="ltr"><br><div class="gmail_extra">On Sat, Sep 7, 2013 at 2:19 AM, ianG <span dir="ltr"><<a href="mailto:iang@iang.org" target="_blank">iang@iang.org</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im">On 7/09/13 10:15 AM, Gregory Perry wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Correct me if I am wrong, but in my humble opinion the original intent<br>
of the DNSSEC framework was to provide for cryptographic authenticity<br>
of the Domain Name Service, not for confidentiality (although that<br>
would have been a bonus).<br>
</blockquote>
<br>
<br></div>
If so, then the domain owner can deliver a public key with authenticity using the DNS. This strikes a deathblow to the CA industry. This threat is enough for CAs to spend a significant amount of money slowing down its development [0].<br>
<br>
How much more obvious does it get [1] ?<br>
<br>
iang<br></blockquote><div><br></div><div style>I proposed essentially this idea around 10 years ago on the capabilities list, using custom TXT records and some hackish things that are/were sub-optimal due to DNSSEC being more of a pipedream then than it is now to deliver public keys for any arbitrary purpose. I only went so far as to kick around design ideas on and off-list back then under the tag-line of objectdns (as in being able to locate and connect to any arbitrary object via a public key crypto connection) and registering the domain <a href="http://objectdns.com">objectdns.com</a>. Things stalled out there due to my lack of copious free time.</div>
<div style><br></div><div style><div>David Mercer - <a href="http://dmercer.tumblr.com/" target="_blank">http://dmercer.tumblr.com</a><br>IM: AIM: MathHippy Yahoo/MSN: n0tmusic<br>Facebook/Twitter/Google+/Linkedin: radix42<br>
FAX: +1-801-877-4351 - BlackBerry PIN: 332004F7</div><div><br></div></div></div></div></div>