<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Apr 6, 2015 at 12:51 AM, Peter Gutmann <span dir="ltr"><<a href="mailto:pgut001@cs.auckland.ac.nz" target="_blank">pgut001@cs.auckland.ac.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Phillip Hallam-Baker <<a href="mailto:phill@hallambaker.com">phill@hallambaker.com</a>> writes:<br>
<br>
>The second question is one that the folk who think DNSSEC is a mechanism for<br>
>securing the DNS have never really had an answer for. What do I do if the<br>
>DNSSEC chain does not validate?</span><br></blockquote><div>....... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Here's another one... this is a list full of security geeks, so lets do a<br>
quick (virtual) show of hands:<br>
<br>
- How many people have at some point received signed email (S/MIME, PGP,<br>
whatever)?<br></blockquote><div> </div>Mostly on this list... I might note that mailing list software could help to <br>close this gap. As a validating remailer (moderated+) it could attach a header with <br>a PGP key or pointer to the senders PGP key if the public bits are presented to the </div><div class="gmail_quote">list at sign up.<br><br>One of the gaps in any authentication process is building a structure of trust</div><div class="gmail_quote">and by starting with some modest sized groups a bigger web might be built.</div><div class="gmail_quote"><br></div><div class="gmail_quote">Member would cache previous keys and if the server was hacked members </div><div class="gmail_quote">would know because checks against individual and list keys fails.</div><div class="gmail_quote"><br></div><div class="gmail_quote">Normal reminder messages can contain PGP key (or pointer) for moderators</div><div class="gmail_quote">and list managers.</div><div class="gmail_quote"><br></div><div class="gmail_quote">The point is DNS or mail -- it is messages and message validation is the issue.</div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>