DNSSEC to be strangled at birth.
Florian Weimer
fw at deneb.enyo.de
Thu Apr 5 16:56:06 EDT 2007
* Peter Gutmann:
> "Dave Korn" <dave.korn at artimi.com> writes:
>
>>Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread
>>non-acceptance.
>
> I realise this is a bit of a cheap shot, but:
>
> How will this be any different from the current situation?
You can see that the keys change and draw your conclusions. Right
now, you need to watch the actual data, which is a bit unwieldy (2.5%
daily change rate for .COM/.NET and things like that).
By the way, who else has expressed willingness to hold the key, under
reasonable conditions? Would it be preferable if some
non-governmental organization held the keys, after receiving an
indemnification guarantee from Congress?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list