[Cryptography] Opening Discussion: Speculation on "BULLRUN"
iang at iang.org
Sat Sep 7 05:19:24 EDT 2013
On 7/09/13 10:15 AM, Gregory Perry wrote:
> Correct me if I am wrong, but in my humble opinion the original intent
> of the DNSSEC framework was to provide for cryptographic authenticity
> of the Domain Name Service, not for confidentiality (although that
> would have been a bonus).
If so, then the domain owner can deliver a public key with authenticity
using the DNS. This strikes a deathblow to the CA industry. This
threat is enough for CAs to spend a significant amount of money slowing
down its development .
How much more obvious does it get  ?
 If one is a finance geek, one can even calculate how much money the
opponents are willing to spend.
 As an aside, NSA/DoD have invested significant capital in the PKI as
well. Sufficient that they will be well aligned with the CA mission,
and sufficient that they will approve of any effort to keep the CAs in
business. But this part is far less obvious.
More information about the cryptography