To:
Keith Moore <moore@cs.utk.edu>
Cc:
keydist@cafax.se
From:
Randy Bush <randy@psg.com>
Date:
Tue, 26 Mar 2002 10:28:44 -0800
Sender:
owner-keydist@cafax.se
Subject:
Re: My take on the BoF session
> as I see it, there are three major problems with this approach: > > 1. unconditionally representing this as a security improvement and not > informing the user about the limitations of this approach - and in > particular, about the degree of trust that this invests in the > root and higher-level zones. and informing users about security is sooooo easy > 2. trusting DNS "by default" - i.e. presuming the user's choice. yup randy