W3C home > Mailing lists > Public > public-usable-authentication@w3.org > April 2007

Re: DNSSEC indicator

From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 27 Apr 2007 23:29:20 +0200
To: Dick Hardt <dick@sxip.com>
Cc: "Ben Laurie" <benl@google.com>, "Dan Schutzer" <dan.schutzer@fstc.org>, "Thomas Roessler" <tlr@w3.org>, michael.mccormick@wellsfargo.com, ses@ll.mit.edu, public-wsc-wg@w3.org, kjell.rydjer@swedbank.se, steve@shinkuro.com, public-usable-authentication@w3.org
Message-ID: <87zm4tld5b.fsf@mid.deneb.enyo.de>

* Dick Hardt:

> DNSEC provides a tighter binding of the public key to the domain name
> then the current CA infrastructure that has been shown to issue certs
> for domains to entities other then those controlling the domain.

You can't really compare a non-deployed protocol to a broken process.
The result is meaningless.  When deployed, the protocol might end up
with broken processes, too.
Received on Friday, 27 April 2007 21:29:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:15 GMT