On Sep 12, 2013, at 7:24 AM, Theodore Ts'o <ty...@mit.edu> wrote:
> It is still a hierarchical model of trust.  So at the top, if you
> don't trust Verisign for the .COM domain and PIR for the .ORG domain
> (and for people who are worried about the NSA, both of these are US
> corporations), the whole system falls apart.


It's also a constrained path of trust, and you can actually choose who you trust.

E.g. your application could be constructed to look up both 
"{data}.dnssec-info-domain.com" and "{data}.dnssec-info-domain.ru".  Only if 
both use the same validated key is the key accepted.

That way, the trust becomes:

1:  The root is trusted

2:  The registrars for .com and .ru don't collaborate, since they must 
collaborate for the trust to affect the results.


This is a huge difference from SSL, where unless you pin your application to 
trust only a single CA, you end up having to trust the entire universe of 
certificate authorities.

--
Nicholas Weaver                  it is a tale, told by an idiot,
nwea...@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc

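The two-lookup agreement rule from the message above, as an added worked example that is not code from the author or from any DNSOP document. It assumes (not stated in the post) that the key is published as a single TXT record under each suffix and that a validating resolver reports authentication as an AD flag; a constructed in-memory zone table stands in for the resolver so the example runs offline.

```python
"""Accept a key only when two independently delegated, DNSSEC-validated
lookups agree.  Added illustration of the scheme in the post; not the
author's code.

Assumptions (not in the original post): the key is a single TXT record
under each suffix, and a validating resolver reports authentication as an
AD flag.  CONSTRUCTED_ZONES replaces the resolver so this runs offline.
"""

from typing import Optional

# Suffixes named in the post: one under the .com registry, one under .ru.
SUFFIXES = ("dnssec-info-domain.com", "dnssec-info-domain.ru")

# Constructed sample answers: name -> (TXT strings, AD flag from the validator).
CONSTRUCTED_ZONES = {
    # both registries agree and both answers validate -> accept
    "alice.dnssec-info-domain.com": (["KEY-A1B2C3"], True),
    "alice.dnssec-info-domain.ru":  (["KEY-A1B2C3"], True),
    # .ru publishes a different key (one registry compromised or coerced) -> reject
    "bob.dnssec-info-domain.com":   (["KEY-BOB"], True),
    "bob.dnssec-info-domain.ru":    (["KEY-EVIL"], True),
    # .com answer did not validate (AD clear) -> reject
    "carol.dnssec-info-domain.com": (["KEY-CAROL"], False),
    "carol.dnssec-info-domain.ru":  (["KEY-CAROL"], True),
    # .ru has no record at all -> reject
    "dave.dnssec-info-domain.com":  (["KEY-DAVE"], True),
}


def lookup_validated(name: str, zones=CONSTRUCTED_ZONES) -> Optional[set]:
    """Stand-in for a DNSSEC-validating TXT lookup.

    Returns the set of TXT strings only when the validator authenticated the
    answer (AD set).  A missing or unauthenticated answer returns None so the
    caller cannot mistake it for data.
    """
    entry = zones.get(name)
    if entry is None:
        return None
    txt, authenticated = entry
    if not authenticated:
        return None
    return set(txt)


def fetch_key(data: str, zones=CONSTRUCTED_ZONES) -> Optional[str]:
    """Return the key for `data` only if every suffix yields an authenticated
    answer and all of them carry exactly the same single key.

    Trust then rests on the root plus the conjunction of the registries: any
    one of them can withhold the key, but none can substitute one alone.
    """
    seen = set()
    for suffix in SUFFIXES:
        answer = lookup_validated(f"{data}.{suffix}", zones)
        if answer is None or len(answer) != 1:
            return None  # unvalidated, absent, or ambiguous: fail closed
        seen |= answer
    if len(seen) != 1:
        return None  # registries disagree: fail closed
    return seen.pop()


if __name__ == "__main__":
    for label in ("alice", "bob", "carol", "dave"):
        print(f"{label}: {fetch_key(label)!r}")
```

Only the "alice" case yields a key; a disagreement, an unvalidated answer, or a missing record under either suffix all fail closed. The caveat this makes visible is that the AND rule buys resistance to substitution at the cost of availability: either registry (or either zone's DNS operator) can still deny the key on its own. Against a real resolver the AD check would be replaced by querying a validating resolver with the DO bit set and inspecting the AD flag, or by validating the chain locally.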

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop