- From: James A. Donald <jamesd@echeque.com>
- Date: Fri, 27 Apr 2007 07:32:29 +1000
- To: Dick Hardt <dick@sxip.com>
- CC: Dan Schutzer <dan.schutzer@fstc.org>, Thomas Roessler <tlr@w3.org>, michael.mccormick@wellsfargo.com, ses@ll.mit.edu, public-wsc-wg@w3.org, kjell.rydjer@swedbank.se, steve@shinkuro.com, public-usable-authentication@w3.org, Ben Laurie <benl@google.com>
Dick Hardt wrote: > fwiw I have always envisioned the significant impact > of DNSSEC was to provide a "trusted" method for tying > the public key used in TLS to the domain name > bypassing the "leaky" CA infrastructure. CA architecture was designed to tie certificates to true names - trouble is that the user is not necessarily seeking to interact with a true name, but with a trusted domain, or, more commonly, with a particular domain that some trusted domain has linked to.
Received on Thursday, 26 April 2007 21:32:45 UTC