On Fri, Nov 01, 2013 at 03:29:12PM +0900, Masataka Ohta wrote: > TLS is another PKI and is inherently insecure as CAs can be > compromised.
True, but Tony's quorum-based approach could be made exhaustive enough that the adversary would have to have compromised *every* CA. If they can do that, I'm not sure any realistic defense is possible anyway. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop