On 02/06/2011 12:02 AM, From Nelson B Bolyard:
I think CAs still get most of their revenues from DV
I'm not sure if that's correct (revenues != market share)...
and so perceive DANE as a direct threat.
....and I believe that DV certs issued by CAs provides what the proposed
keys in DNS can't. Most likely we'll get to that at some point...
However, I wouldn't especially miss the current state of affairs with
DV certification if DANE totally supplanted it.
Sadly, I'm sure you're not alone.
However probably the optimal approach will be CA issued certs in DNS
that also make use of DNSSEC to validate the former (DV). Eventually I
believe that this will emerge as the real improvement and most useful
approach for software vendors and CAs alike - providing real value for
what DV is supposed to do and by closing the entire circle.
And most likely this is not what the Anti-CA crowd wants to achieve, but
nevertheless might get in the end. :-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
