To: Keith Moore <moore@cs.utk.edu>
CC: Ted.Hardie@nominum.com, keydist@cafax.se
From: Steve Hanna <steve.hanna@sun.com>
Date: Mon, 14 Jan 2002 15:32:42 -0500
Sender: owner-keydist@cafax.se
Subject: Re: RESCAP/RC: an alternative to key distribution using DNS

Keith Moore wrote:
> ... absent reliable information about how a zone maintains its keys,
> my assumption would be that the key of almost *any* zone "might have
> been compromised".

This is especially true if you consider that DNS registrars (and large commercial CAs) are often convinced to change information (or issue certificates) on the basis of flimsy evidence. There's no need to compromise the root key if you can trick the operator into signing bad information. That's why most security-conscious people would rather choose who they trust.

-Steve