Status of opportunistic encryption
James A. Donald
jamesd at echeque.com
Mon Jun 5 18:14:46 EDT 2006
Thomas Harold:
> > I do suspect at some point that the lightweight
> > nature of DNS will give way to a heavier, encrypted
> > or signed protocol. Economic factors will probably
> > be the driving force (online banking).
Thierry Moreau wrote:
> E.g. RFC4033, RFC4034, RFC4035.
Well I wish it was going to happen, but right now
measures that are already deployed are not being used.
Except for e-gold, businesses under phishing attack are
not signing their email.
Since the proposed DNS signing relies on trusted root
keys transmitted out of band, it is not going to be
deployed either, for much the same reasons. We need a
one click solution like SSH, or a zero click solution
like Skype.
And the proposed solution involves too many connections.
Any solution has to fit in a UDP datagram.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list