[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: opportunistic encryption deployment problems
On Tue, 21 Aug 2001, Jari Arkko wrote:
> While I do like how OE can be used from small to large deployment of
> DNSSEC, I'm concerned that (a) DNSSEC will eventually bring the same
> trouble as a large scale PKI would [such as the worries about people
> being able to control their reverse mappings or their DNS at all], and
> (b) it may not be the most effective weak authentication scheme [and
> it is weak until the root gets signed].
what makes DNSSEC weak just because the root is not signed? there is
nothing that stops us from signing the in-addr.arpa zone before root and
when this is done people can start trusting it immediately if they like to.
jakob
Follow-Ups:
References: