W3C home > Mailing lists > Public > public-usable-authentication@w3.org > April 2007

Re: SV: Re[2]: DNSSEC indicator

From: Chris Drake <christopher@pobox.com>
Date: Fri, 27 Apr 2007 22:37:32 +1000
Message-ID: <1011227313.20070427223732@pobox.com>
To: kjell.rydjer@swedbank.se
CC: tlr@w3.org, michael.mccormick@wellsfargo.com, ses@ll.mit.edu, public-wsc-wg@w3.org, <steve@shinkuro.com>, <public-usable-authentication@w3.org>

Yep - just like I said.  4 Swedish banks is not more than a fraction
of a percent of the Internet.  (that's not even starting on the fact
that banks all use SSL already, so DNSSEC doesn't get them anything
that they don't already have anyhow... and the holders of the .SE root
key invite you to email them so they can add "your favorite CA" to
their trust chain... http://www.dnssec.se/ca.html - so .SE's DNSSEC is
arguably less secure than SSL *already*) 

Kind Regards,
Chris Drake


Friday, April 27, 2007, 9:18:45 PM, you wrote:

krss> DNSSEC does exist.
krss> Sweden and .SE is the first country in the world singning
krss> their zone for DNSSEC in February 2007.
krss> In 2007 4 Internetbanks and 4 ISP in Sweden will support
krss> DNSSEC. And then more than 85 % of the Internetbank user in
krss> Sweden running DNSSEC.
krss> See http://www.iis.se/english/nyheter/news/2007-02-16?lang=en

krss> Bulgaria and New Zeeland has also done a great job, and will sign their zone soon.

krss> Regards Kjell Rydjer 

krss> -----Ursprungligt meddelande-----
krss> Från: Chris Drake [mailto:christopher@pobox.com] 
krss> Skickat: den 26 april 2007 12:49
krss> Till: Thomas Roessler
krss> Kopia: michael.mccormick@wellsfargo.com; ses@ll.mit.edu;
krss> public-wsc-wg@w3.org; Kjell Rydjer; steve@shinkuro.com;
krss> public-usable-authentication@w3.org
krss> Ämne: Re[2]: DNSSEC indicator

krss> DNSSEC does not exist.

krss> I don't see any top TLD CA infrastructure agreement
krss> breakthroughs on any horizons, so I doubt DNSSEC is going to
krss> appear (excluding a few minor/unpopular TLDs) in the next few
krss> years, and I highly doubt more than a fraction of a percent of
krss> the internet would have it deployed before the end of this
krss> decade.

krss> Trying to get folks to install a DNSSEC indicator in a UI
krss> would be like asking people to install a hygrometer in their
krss> cars: yeah sure - maybe one day later this century when some
krss> cars run on hydrogen, it might be slightly interesting to
krss> someone... but seriously...

krss> Kind Regards,
krss> Chris Drake
Received on Friday, 27 April 2007 12:39:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:15 GMT