To:
keydist@cafax.se
From:
Jakob Schlyter <jakob@crt.se>
Date:
Wed, 9 Jan 2002 21:47:01 +0100 (CET)
Sender:
owner-keydist@cafax.se
Subject:
BOUNCE keydist@cafax.se: Non-member submission from [Keith Moore<moore@cs.utk.edu>] (fwd)
Approve: appkey
Received: from astro.cs.utk.edu (astro.cs.utk.edu [160.36.58.43])
by nic.cafax.se (8.12.1/8.12.1) with ESMTP id g09Jk1C2007186
for <keydist@cafax.se>; Wed, 9 Jan 2002 20:46:02 +0100 (MET)
Received: from astro.cs.utk.edu (localhost [127.0.0.1])
by astro.cs.utk.edu (cf 8.9.3) with ESMTP id g09Jjwi24666;
Wed, 9 Jan 2002 14:45:58 -0500 (EST)
Message-Id: <200201091945.g09Jjwi24666@astro.cs.utk.edu>
X-URI: http://www.cs.utk.edu/~moore/
From: Keith Moore <moore@cs.utk.edu>
To: Ted.Hardie@nominum.com
cc: Keith Moore <moore@cs.utk.edu>, Edward Lewis <lewis@tislabs.com>,
keydist@cafax.se
Subject: Re: From whence we came...
In-reply-to: Your message of "Wed, 09 Jan 2002 11:10:52 PST."
<20020109111052.B67743@shell.nominum.com>
Date: Wed, 09 Jan 2002 14:45:58 -0500
Sender: moore@cs.utk.edu
> I think this is a valid point. The way I wrap that in my head is:
>
> DNSSEC helps you to know that the materials you got from the wallet
> were the materials that the owner put in there.
this is only true if you trust DNSSEC, and DNSSEC seems to assume
a trust model that not everyone would consider valid.
this is fine if you don't make DNSSEC an inherent part of the trust chain.
it's not fine if you design a system that requires that everyone that uses
it place trust in DNSSEC.
put another way: if the system assumes that DNSSEC is *the* only way to
make verifiable assertions about identity, it's broken. if the system
allows DNSSEC as *a* way to make verifiable assertions about identity,
with other ways allowed also, that's a Good Thing.
Keith