Re: DNSSEC indicator

From: James A. Donald <jamesd@echeque.com>
Date: Fri, 27 Apr 2007 07:32:29 +1000
Message-ID: <46311A6D.2060304@echeque.com>
To: Dick Hardt <dick@sxip.com>
CC: Dan Schutzer <dan.schutzer@fstc.org>, Thomas Roessler <tlr@w3.org>, michael.mccormick@wellsfargo.com, ses@ll.mit.edu, public-wsc-wg@w3.org, kjell.rydjer@swedbank.se, steve@shinkuro.com, public-usable-authentication@w3.org, Ben Laurie <benl@google.com>

Dick Hardt wrote:
 > fwiw I have always envisioned the significant impact
 > of DNSSEC was to provide a "trusted" method for tying
 > the public key used in TLS to the domain name
 > bypassing the "leaky" CA infrastructure.

CA architecture was designed to tie certificates to true
names - trouble is that the user is not necessarily
seeking to interact with a true name, but with a trusted
domain, or, more commonly, with a particular domain that
some trusted domain has linked to.

Received on Thursday, 26 April 2007 21:32:45 GMT
