[Cryptography] Certificates and PKI
randy at psg.com
Mon Dec 22 09:02:28 EST 2014
> But also: DANE puts registries and registrars in the roles of CA and
not exactly. it is the zone owners. but yes, you can be hijacked up
the tree. luckily this is not a problem with current CAs </sarcasm>.
> If we think CAs are not a good solution, how is it the
> registries/registrars magically are?
price? the dns hierarchy at least gives you some place to complain,
though admittidely with not a lot more effect. but with DANE, i can
take my zone and TLSA and move them to a different regiatrar for ten
the internet is not a hierarchy, a police state is.
More information about the cryptography