Nicolas Williams wrote:
> Which means that the MITM would need the cooperation
> of the client's provider in many/most cases (a
> political problem) in order to be able to quickly get
> in the middle so close to a leaf node (a technical
> problem).

Not a very large political problem. Most ISPs not only roll over for the DOJ, the FBI, and the DHS, they also roll over for the Russian mafias. With the root key and the cooperation of nodes close to the client, you can intercept SSH and SSL communications that rely on DNSSEC. Without the root key, you cannot. This is huge. This, of course, means the sensible man configures SSH not to rely on DNSSEC by default, which substantially reduces the benefit of SSH.

---------------------------------------------------------------------
The Cryptography Mailing List