To:
Keith Moore <moore@cs.utk.edu>
Cc:
Ted.Hardie@nominum.com, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Ted Hardie <Ted.Hardie@nominum.com>
Date:
Wed, 9 Jan 2002 11:59:52 -0800
Content-Disposition:
inline
In-Reply-To:
<200201091945.g09Jjwi24666@astro.cs.utk.edu>; from moore@cs.utk.edu on Wed, Jan 09, 2002 at 02:45:58PM -0500
Reply-To:
Ted.Hardie@nominum.com
Sender:
owner-keydist@cafax.se
User-Agent:
Mutt/1.2.5i
Subject:
Re: From whence we came...
Keith writes: >Ted wrote: > > DNSSEC helps you to know that the materials you got from the wallet > > were the materials that the owner put in there. > > this is only true if you trust DNSSEC, and DNSSEC seems to assume > a trust model that not everyone would consider valid. > > this is fine if you don't make DNSSEC an inherent part of the trust chain. > it's not fine if you design a system that requires that everyone that uses > it place trust in DNSSEC. DNSSEC should not be part of the trust chain for the passport, the university ID, or the driver's license. It's the trust mechanism for ensuring the wallet's contents are those placed there by the wallet's owner, not for any of the IDs the wallet contains. For most form of ID, there are other trust mechanisms: I know what a U.S. passport looks like and I know who to call if I need to check the validity of U.S. passports or those issued by countries with representatives in the U.S.. Ditto for driver's licenses; not so ditto for University IDs, but I assume that those who need to check them have similar mechanisms. There also maybe some forms of ID (like business cards) for which knowing that they are the ones intended by the owner for distribution is enough, but I agree that we should not assume that is the case for all forms of ID. regards, Ted Hardie