To: Keith Moore <moore@cs.utk.edu>
CC: Ted.Hardie@nominum.com, keydist@cafax.se
From: Steve Hanna <steve.hanna@sun.com>
Date: Mon, 14 Jan 2002 15:32:42 -0500
Sender: owner-keydist@cafax.se
Subject: Re: RESCAP/RC: an alternative to key distribution using DNS

Keith Moore wrote:
> ... absent reliable information about how a zone maintains its keys,
> my assumption would be that the key of almost *any* zone "might have
> been compromised". 

This is especially true if you consider that DNS registrars (and
large commercial CAs) are often convinced to change information
(or issue certificates) on the basis of flimsy evidence. There's no
need to compromise the root key if you can trick the operator into
signing bad information. That's why most security-conscious people
would rather choose who they trust.

-Steve
