[Cryptography] Opening Discussion: Speculation on "BULLRUN"

ianG iang at iang.org
Sat Sep 7 05:19:24 EDT 2013

On 7/09/13 10:15 AM, Gregory Perry wrote:

> Correct me if I am wrong, but in my humble opinion the original intent
> of the DNSSEC framework was to provide for cryptographic authenticity
> of the Domain Name Service, not for confidentiality (although that
> would have been a bonus).

If so, then the domain owner can deliver a public key with authenticity 
using the DNS.  This strikes a deathblow to the CA industry.  This 
threat is enough for CAs to spend a significant amount of money slowing 
down its development [0].

How much more obvious does it get [1]?


[0] If one is a finance geek, one can even calculate how much money the 
opponents are willing to spend.
[1] As an aside, NSA/DoD have invested significant capital in the PKI as 
well.  Sufficient that they will be well aligned with the CA mission, 
and sufficient that they will approve of any effort to keep the CAs in 
business.  But this part is far less obvious.

