To: Keith Moore <moore@cs.utk.edu>
Cc: sommerfeld@orchard.arlington.ma.us, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From: Johan Ihren <johani@autonomica.se>
Date: 26 Mar 2002 21:04:53 +0100
In-Reply-To: <200203261817.g2QIHDt18039@astro.cs.utk.edu>
Sender: owner-keydist@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.3
Subject: Re: My take on the BoF session

Keith Moore <moore@cs.utk.edu> writes:

> > > > So, last I checked, the DNS root was *already* a critical service.
> > > > Someone who can get bogus data into it can already cause no end of
> > > > chaos.
> > >
> > > right, but placing an even greater trust in it does not seem wise.
> >
> > Isn't this a business opportunity for someone who does have experience
> > with trust management to sell their services over DNSSEC in addition
> > to other mechanisms?
>
> perhaps. but the creation of new business opportunities is not a
> sound justification for a design decision.

It wasn't intended to be justification, it was only an observation of fact.

I agree with you that adding more dependence on the public DNS root has drawbacks (as well as advantages). I further agree with you that even with a trusted root the chain of unknowns down to the target zone poses a risk assessment problem.

I propose a method by which these problems can be circumvented, at least for certain types of need.

Any comments on the actual suggestion? I.e. in addition to the clear drawback of being a business opportunity, what is it that you don't like?

Regards,

Johan