People keep referring to the 100+ vendor CA jungle. It is somewhat
impolite to point it out, but there are very few major vendors in this
space, and these vendors have been implicated in some of the most
publicized attacks. In some cases, hiding behind a "low-cost" brand name.
In other words,
Michael StJohns writes:
>DNSSEC seems to be picking on PKIX and vice versa - maybe the right answer is
>both?
Maybe the right answer is a paddling pool full of jello and Marquess of
Queensberry rules?
Peter (just adding to the available options a bit).
On 10/05/2010 02:46 PM, Martin Rex wrote:
>The DNS admin that controls A can always get a perfectly valid
>certificate B issued and successfully impersonate all services
>offered on servers in his DNS domain.
By most people's definition, it's not "unauthorized impersonation" if
the DNS admin doe