[Cryptography] Is it time for a revolution to replace TLS?

Christian Huitema huitema at huitema.net
Wed May 14 11:53:31 EDT 2014


> It's not just me who has this problem. Two gentlemen, one of whom I know
> to be ex-KGB (now GRU) I presume tried to explain the problem to Steve
> Crocker some years ago to no effect. Crocker isn't at all worried
> about the possibility he might do something others disagreed with
> after they have no opportunity to change service providers.

There may be some hope there with the recent increase in the number of top-level
domain names. There is a single root for the DNS managed by ICANN, but we
can expect the TLD certs to become very quickly well-known and "pinned." In
theory, someone with ICANN keys could still change them, but in practice
this could be made into a very public event with lots of "societal control."
If you believe that, then we have effectively created a market for "name +
security." By registering your domain in a specific TLD, you get the
certificate management practice of that TLD. That would be a definitive
improvement on the current "hundreds of PKI authorities" model.

-- Christian Huitema




