[Cryptography] Is it time for a revolution to replace TLS?

Phillip Hallam-Baker hallam at gmail.com
Wed May 14 12:56:53 EDT 2014


On Wed, May 14, 2014 at 11:53 AM, Christian Huitema <huitema at huitema.net> wrote:
>> It's not just me who has this problem. Two gentlemen, one of whom I know
>> to be ex-KGB (now GRU) I presume tried to explain the problem to Steve
>> Crocker some years ago to no effect. Crocker isn't at all worried
>> about the possibility he might do something others disagreed with
>> after they have no opportunity to change service providers.
>
> There may be some hope there with the recent increase in number of top level
> domain names. There is a single root for the DNS managed by ICANN, but we
> can expect the TLD certs to become very quickly well-known and "pinned." In
> theory, someone with ICANN keys could still change them, but in practice
> this could be made into a very public event with lots of "societal control."
> If you believe that, then we have effectively created a market for "name +
> security." By registering your domain in a specific TLD, you get the
> certificate management practice of that TLD. That would be a definitive
> improvement on the current "hundreds of PKI authorities" model.

+1

This is the main reason I am interested in Certificate Transparency
for DNSSEC. Otherwise there is not much point.



-- 
Website: http://hallambaker.com/

