To:
RJ Atkinson <rja@extremenetworks.com>
cc:
keydist@cafax.se
From:
Keith Moore <moore@cs.utk.edu>
Date:
Tue, 26 Mar 2002 14:55:06 -0500
In-reply-to:
(Your message of "Tue, 26 Mar 2002 14:16:19 EST.") <F3F06243-40ED-11D6-BFF7-00039357A82A@extremenetworks.com>
Sender:
owner-keydist@cafax.se
Subject:
Re: My take on the BoF session
> If one considers the case of the US DoD (which > conveniently has their own TLD, for historical reasons), > and can strongly influence the root key's assurance properties, > the scaling properties are even better than for a single > subdomain. if the US DoD can dictate the root key's policies, IMHO that's a very good reason to consider it untrustworthy. things that the US government considers 'national security' interests (and therefore worthy of DoD attention) are usually hostile to other interests using DNS - often including the interests of US citizens. OTOH if the US DoD wanted to invest trust in the .MIL key, that's their own business. but an argument that dnssec gives the US DoD the excuse to control the root is NOT an argument in favor of increased reliance on dnssec. Keith