Good day,

> This is like designing a bicycle with three and a half wheels. Any
> restructuring that makes DNSSEC useful would make the CAs useless. The
> goal of their design is not to make DNSSEC useful, but to make it useful
> in a fashion that does not harm the CA business model.

With one notable exception: at the current state, Keys-in-DNSSEC is only for authentication of domains. They would replace the "domain-validated" certs that CAs often issue (and I would guess it's their cash cow). CAs could still issue their Extended Validation certs which identify the organization behind the domain by a given trade name. There are not many of these yet, though, presumably due to the pricing.

So, in summary, CAs would lose their cash cow, and most but not all of them would probably become useless soon, indeed.

Let's see how things develop at Mozilla.

Ralph

--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography