[Cryptography] "Trust in digital certificate ecosystem eroding"
paul.hoffman at vpnc.org
Mon May 4 17:13:06 EDT 2015
On May 4, 2015, at 6:16 AM, Ben Laurie <ben at links.org> wrote:
> Why? DNSSEC has its equivalent of CAs/RAs: registries and registrars.
> Why do you think they'll do any better a job of verifying ownership
> than CAs do?
Because registries (not registrars) controls the ownership already. It's not a matter of they "verifying" ownership: they control all the delegation in their namespace.
Note how this is completely different than CAs who don't own the namespace at all.
More information about the cryptography