On 02/10/2011 07:20 PM, From Steve Schultze:
Zack, arguing with Eddy on this point is a losing proposition. DNSSEC+TLSA is has some demonstrably superior characteristics to CA DV, but Eddy is not willing to concede this or even give detailed reasoning.
Well, we know about the advantages and shortcomings of CAs, you still have to provide a loot of proof about the supposed superiority of DNSSEC and what potential shortcomings will be. Eventually you don't have to convince the convinced and not even myself, but the software vendors that invested into a particular trust model of which you want them to give up partly. Or in addition. Or a combination of those.
I just mentioned in the previous mail a couple of arguments, perhaps you've got some answer to those instead of ranting against me?
-- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
