W3C home > Mailing lists > Public > public-usable-authentication@w3.org > April 2007

Re: DNSSEC indicator

From: Dick Hardt <dick@sxip.com>
Date: Fri, 27 Apr 2007 11:11:29 +0200
Message-Id: <7F0C44A3-0B70-43D1-9755-41484EC3EBAB@sxip.com>
Cc: "Dan Schutzer" <dan.schutzer@fstc.org>, "Thomas Roessler" <tlr@w3.org>, michael.mccormick@wellsfargo.com, ses@ll.mit.edu, public-wsc-wg@w3.org, kjell.rydjer@swedbank.se, steve@shinkuro.com, public-usable-authentication@w3.org
To: "Ben Laurie" <benl@google.com> 


On 27-Apr-07, at 11:04 AM, Ben Laurie wrote:

> On 4/26/07, Dick Hardt <dick@sxip.com> wrote:
>> fwiw I have always envisioned the significant impact of DNSSEC was to
>> provide a "trusted" method for tying the public key used in TLS to
>> the domain name bypassing the "leaky" CA infrastructure.
>
> What do you mean by "leaky"? Also, why do you think the DNS
> infrastructure would be less "leaky"?

DNSEC provides a tighter binding of the public key to the domain name  
then the current CA infrastructure that has been shown to issue certs  
for domains to entities other then those controlling the domain.

-- Dick
Received on Friday, 27 April 2007 09:11:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:09 GMT