

To: "'Brad Knowles'" <brad.knowles@skynet.be>, "'Masataka Ohta'" <mohta@necom830.hpcl.titech.ac.jp>
Cc: "'Edward Lewis'" <edlewis@arin.net>, "'Markus Stumpf'" <maex-lists-dns-ietf-dnsop@Space.Net>, <dnsop@cafax.se>
From: "John M. Brown" <john@chagres.net>
Date: Wed, 23 Oct 2002 19:13:41 -0600
Importance: Normal
In-Reply-To: <a05200d12b9dcec81c1ca@[146.106.12.76]>
Reply-To: <john@chagres.net>
Sender: owner-dnsop@cafax.se
Subject: RE: Interim signing of the root zone.

I thought this thread is about an "Interim" method of signing
the root-zone.  

Not solving the credit card fraud issues, or world hunger.

If we can bring this back on topic and work towards the goal
of having a better system, even if it means taking baby steps
towards those goals, then this debate will have much more
meaning in the "recent" sense.

thank you

john brown
Le Geek

> -----Original Message-----
> From: owner-dnsop@cafax.se [mailto:owner-dnsop@cafax.se] On 
> Behalf Of Brad Knowles
> Sent: Wednesday, October 23, 2002 6:29 PM
> To: Masataka Ohta
> Cc: Brad Knowles; Edward Lewis; Markus Stumpf; dnsop@cafax.se
> Subject: Re: Interim signing of the root zone.
> 
> 
> At 11:28 PM +0859 2002/10/23, Masataka Ohta wrote:
> 
> >  The real world does not need PKI.
> >
> >  People pay with credit card, not because of PKI, but because credit
> >  card companies give credentials to their customers.
> 
> 	The credit card companies lose billions of dollars a year due to 
> fraud.  They want more secure transactions than most anyone else in 
> the world, and they are paying *BIG* bucks to make it happen.  And a 
> KI or PKI is a critical part of that task.
> 
> 	Are you willing to have your startup risk billions of dollars a 
> year because you didn't secure the transactions, but you guarantee 
> them anyway?
> 
> >  Shared key cryptography with long and random enough keys is simply
> >  secure regardless of the number of the users.
> 
> 	Shared keys that long and random can't be remembered by users, 
> and there has to be some sort of KI to support them.
> 
> >  Your argument should be that, public key cryptography is insecure
> >  because it relies on the security of transactions of shared key
> >  cryptography which is '"secure" as an inverse power of the number of'
> >  transactions which have the shared keys exchanged through PKI for so
> >  many transactions,
> 
> 	Shared key transactions are a critical part of public key 
> transactions.  The public key part is just enough to allow you to 
> securely exchange shared session keys which then automatically go 
> away.
> 
> 	The problem is with persistent shared key cryptography.
> 
> >  Fortunately, in the real world, no one needs PKI.
> 
> 	Maybe they think they don't.
> 
> >  Over the real world Internet, people are already paying on line with
> >  credit cards, because credit card companies are giving credential to
> >  their users through the direct relationships between the credit card
> >  companies and the users.
> 
> 	How many users are willing to buy things over the net that aren't 
> secured with SSL?  Well, any use of SSL is using public key 
> cryptography, and needs a PKI.
> 
> 	If you're willing to use credit cards without securing the 
> transaction, then feel free to share your credit card numbers on this 
> mailing list.
> 
> >  You can't use your credit card for your shopping, if the shop you are
> >  paying for can not communicate with a credit card company to
> >  authorize your credential information, for which PKI is useless.
> 
> 	How the hell do you think they authorize the card?!?
> 
> 	Just what does the word "authorize" mean in your dictionary, anyway?!?
> 
> >  Moreover, best effort communication over the Internet is basically
> >  free that no one really wants to reduce the need for the realtime
> >  communication.
> 
> 	Feel free to turn off all use of SSL, TLS, ssh, etc... on all 
> your computers.
> 
> >  On the other hand, credit card companies or any other entities are
> >  giving credential to their users through direct relationships between
> >  the entities and the users. They can exchange and are already
> >  exchanging shared keys through the direct relationships.
> 
> 	And how do you think those direct relationships are handled in 
> the first place?!?
> 
> >  Nothing is different on (in)secure DNS that there is no point on  
> > signing the root zone.
> >
> >  The real world does not need PKI nor secure DNS.
> 
> 	Feel free to give us your social security number, your credit 
> cards, and all your other personal data.
> 
> 	If you're not willing to do that, then please share with us how 
> you are going to secure any transaction that uses this kind of 
> information.  Moreover, please explain how you are going to do that 
> but *not* using SSL, TLS, ssh, or any other form of encryption.
> 
> -- 
> Brad Knowles, <brad.knowles@skynet.be>
> 
> "They that can give up essential liberty to obtain a little 
> temporary safety deserve neither liberty nor safety."
>      -Benjamin Franklin, Historical Review of Pennsylvania.
> 
> GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E 
> W+++(--) N+ !w---
> O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) 
> X++(+++) R+(+++)
> tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* 
> tv+z(+++)
> #----------------------------------------------------------------------
> # To unsubscribe, send a message to <dnsop-request@cafax.se>.
> 


#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.
