[Cryptography] "Trust in digital certificate ecosystem eroding"

Paul Hoffman paul.hoffman at vpnc.org
Mon May 4 17:13:06 EDT 2015


On May 4, 2015, at 6:16 AM, Ben Laurie <ben at links.org> wrote:
> Why? DNSSEC has its equivalent of CAs/RAs: registries and registrars.
> Why do you think they'll do any better a job of verifying ownership
> than CAs do?

Because registries (not registrars) controls the ownership already. It's not a matter of they "verifying" ownership: they control all the delegation in their namespace.

Note how this is completely different than CAs who don't own the namespace at all.

--Paul Hoffman



More information about the cryptography mailing list