Erik,
I must have been reading your and Jari's yesterday's messages
carelessly. My apologies. I'll try to find time to read them
again. I agree that as we are in general dependent on DNS names, we
need to worry about DNS security, too. Where KHIs and the like may
help there is the possibility of using leap-of-faith kind of methods,
in a way similar to what SSH does today.
--Pekka
I wrote:
I think you may be missing one aspect of CGAs/KHIs/HITs/whatever,
which is implicit channel bindings and the ability to continue
identifiers for security purposes.
You wrote:
I suspect neither Jari or I have missed that.
I guess I don't understand what you are responding to; this
particular part was about the need for DNSsec and routing security.
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
