[Cryptography] Certificates and PKI
Randy Bush
randy at psg.com
Mon Dec 22 09:02:28 EST 2014
> But also: DANE puts registries and registrars in the roles of CA and
> RA.
not exactly. it is the zone owners. but yes, you can be hijacked up
the tree. luckily this is not a problem with current CAs </sarcasm>.
> If we think CAs are not a good solution, how is it the
> registries/registrars magically are?
price? the dns hierarchy at least gives you some place to complain,
though admittidely with not a lot more effect. but with DANE, i can
take my zone and TLSA and move them to a different regiatrar for ten
bucks.
randy
the internet is not a hierarchy, a police state is.
More information about the cryptography
mailing list