- From: Dick Hardt <dick@sxip.com>
- Date: Fri, 27 Apr 2007 11:11:29 +0200
- To: "Ben Laurie" <benl@google.com>
- Cc: "Dan Schutzer" <dan.schutzer@fstc.org>, "Thomas Roessler" <tlr@w3.org>, michael.mccormick@wellsfargo.com, ses@ll.mit.edu, public-wsc-wg@w3.org, kjell.rydjer@swedbank.se, steve@shinkuro.com, public-usable-authentication@w3.org
On 27-Apr-07, at 11:04 AM, Ben Laurie wrote: > On 4/26/07, Dick Hardt <dick@sxip.com> wrote: >> fwiw I have always envisioned the significant impact of DNSSEC was to >> provide a "trusted" method for tying the public key used in TLS to >> the domain name bypassing the "leaky" CA infrastructure. > > What do you mean by "leaky"? Also, why do you think the DNS > infrastructure would be less "leaky"? DNSEC provides a tighter binding of the public key to the domain name then the current CA infrastructure that has been shown to issue certs for domains to entities other then those controlling the domain. -- Dick
Received on Friday, 27 April 2007 09:11:54 UTC