[Cryptography] Certificates and PKI

John Levine johnl at iecc.com
Mon Dec 22 09:50:07 EST 2014

>But also: DANE puts registries and registrars in the roles of CA and
>RA. If we think CAs are not a good solution, how is it the
>registries/registrars magically are?

We're stuck with them anyway.  (For the typical click-a-link that CAs
use, registrars and registries are already in the path.)

While I agree that the diligence of some registrars leaves a lot to be
desired, at least this approach has one less point of failure than the
current one.


More information about the cryptography mailing list