[83727] in cryptography@c2.net mail archive
Re: DNSSEC to be strangled at birth.
daemon@ATHENA.MIT.EDU (Ben Laurie)
Thu Apr 5 19:17:35 2007
Date: Thu, 05 Apr 2007 22:03:59 +0100
From: Ben Laurie <ben@links.org>
To: Simon Josefsson <simon@josefsson.org>
CC: Paul Hoffman <paul.hoffman@vpnc.org>,
Dave Korn <dave.korn@artimi.com>,
cryptography@metzdowd.com
In-Reply-To: <871wiyy2e5.fsf@mocca.josefsson.org>
Simon Josefsson wrote:
> However, in practice I don't believe many will trust the root key
> alone -- for example, I believe most if not all Swedish ISPs would
> configure in trust of the .se key as well. One can imagine a
> web-of-trust based key-update mechanism that avoids the need to trust
> a single root key.
Indeed, and I already wrote an I-D for it:
http://www.links.org/dnssec/draft-laurie-dnssec-key-distribution-01.html.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
