> On Nov 17, 2018, at 6:07 AM, Lanlan Pan <abby...@gmail.com> wrote:
>
> And TLS's distributed certificate exchange may be better than DNSSEC's
> centralized trust anchor.

In principle, yes, when one carefully selects just the appropriate trust anchor(s) for a given task. Some applications do use specific trust-anchors (internal corporate CAs) at least some of the time. [ FWIW, TLS is trust-model agnostic; it is the WebPKI that uses the usual panoply of CAs. ]

In practice, one generally uses the Mozilla or similar trust bundle, and so it is still centralized, except that now the attacker has a choice of multiple central authorities to compromise. So most of the time the WebPKI is weaker, but you sometimes have a choice when you can limit the set of peers with which you need to communicate.

With DNSSEC, validating resolvers can also configure trust-anchors at any point in the tree, which also allows for internal corporate trust-anchors, and if some TLD or similar followed the RFC5011 key rollover process used at the root, one could also track the TLD's keys independently of the delegation from ICANN, but AFAIK this is not presently a common TLD practice.

-- 
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
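As an added illustration of the DNSSEC point above (not part of Viktor's message), here is what "trust-anchors at any point in the tree" looks like in an Unbound resolver configuration: the root key tracked via RFC 5011, a static anchor for an internal zone, and a TLD key tracked independently of the ICANN delegation. The zone names, file paths, key tag and digest are constructed placeholders, and the TLD entry only works if that TLD actually performs RFC 5011 rollovers.

```conf
server:
    # Root trust anchor, maintained automatically with RFC 5011 rollover.
    # Unbound rewrites this file on rollover, so it must be writable by
    # the unbound user (hypothetical path).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Static anchor placed directly at an internal corporate zone
    # (hypothetical name). Data under corp.example validates against this
    # key regardless of what the public chain from the root says.
    # Key tag 12345 and the SHA-256 digest are constructed placeholders.
    trust-anchor: "corp.example. DS 12345 13 2 1111222233334444111122223333444411112222333344441111222233334444"

    # A TLD's KSK tracked with RFC 5011 independently of its delegation
    # from the root (hypothetical file, seeded with that TLD's current KSK).
    # Only meaningful for a TLD that follows the RFC 5011 rollover process.
    auto-trust-anchor-file: "/var/lib/unbound/example-tld.key"
```

With both an explicit anchor and the root chain available, a mismatch between the two for the same zone is a validation failure worth alerting on rather than silently accepting either path.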