W3C home > Mailing lists > Public > public-usable-authentication@w3.org > April 2007

Re: DNSSEC indicator

From: Dick Hardt <dick@sxip.com>
Date: Sat, 28 Apr 2007 09:06:52 +0200
Message-Id: <BBBC7EDF-2F31-400B-B7D0-1145EA3741E6@sxip.com>
Cc: "Stuart E. Schechter" <ses@ll.mit.edu>, "Dan Schutzer" <dan.schutzer@fstc.org>, "Thomas Roessler" <tlr@w3.org>, "michael.mccormick@wellsfargo.com" <michael.mccormick@wellsfargo.com>, kjell.rydjer@swedbank.se, steve@shinkuro.com, public-usable-authentication@w3.org
To: "Ben Laurie" <benl@google.com>


On 28-Apr-07, at 8:58 AM, Ben Laurie wrote:

>>    When I register a domain name, the registrar is involved in that
>> transaction and establishes a means to authenticate me in the  
>> future so that
>> I can change my domain registration information.  Similarly, if I  
>> transfer a
>> domain to a register, I do not do so until establishing a means of
>> authenticating myself to that registrar.  This authentication  
>> information is
>> an important component of the business relationship that is  
>> established at,
>> or before, the time a domain name is registered (or transferred).
>
> I am aware of all of this, of course - but as is common when high
> volumes and low margins are involved this authentication mechanism is
> totally automated (and typically weak), including recovery of
> passwords and the like. So, I fully expect them to get subverted when
> it is profitable to do so.

All the more reason for a move to stronger authentication coupled  
with identity protocols (not that I am biased or anything :-) ... but  
this is another technical problem that is solvable. The CA correctly  
identifying that I am the owner of a domain is a business process  
that is not easily solvable with technology.

I think we are getting way off the topic of the thread though (partly  
my fault, sorry), which was should there be an indicator of DNSSEC  
exposed to the user through the browser.

I would agree with it being part of "advanced information" and a  
secondary indicator, not a primary indicator.

-- Dick
Received on Saturday, 28 April 2007 07:07:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:15 GMT