To:
Keith Moore <moore@cs.utk.edu>
Cc:
sommerfeld@orchard.arlington.ma.us, Edward Lewis <lewis@tislabs.com>, keydist@cafax.se
From:
Johan Ihren <johani@autonomica.se>
Date:
26 Mar 2002 21:43:09 +0100
In-Reply-To:
<200203262029.g2QKTpt22742@astro.cs.utk.edu>
Sender:
owner-keydist@cafax.se
User-Agent:
Gnus/5.0808 (Gnus v5.8.8) Emacs/20.3
Subject:
Re: My take on the BoF session
Keith Moore <moore@cs.utk.edu> writes: > > Any comments on the actual suggestion? I.e. in addition to the clear > > drawback of being a business opportunity, what is it that you don't > > like? My point was not at all about selling expertise, it was about adjusting the delegation chain to better reflect a trust chain. > it makes perfect sense to me for folks with security clue to attempt > to sell their expertise to folks who lack such clue. > > but I don't see how this impacts the design of DNSSEC or of protocols > using DNSSEC. It doesn't. But that wasn't the issue. You complained about adding more dependency on the public DNS root by making it a security apex in addition to a naming apex. I also think that you complained about the difficulties of choosing trustworthy (DNS) parents, although I may have gotten that wrong. All I did was to point out that DNS is flexible anough to circumnavigate these problems in cases where the "security" binding is more important than the "naming" binding. Regards, Johan