Anne & Lynn Wheeler wrote: > it would be really great to make it an excuse to move away from offline > paradigm to real online operation ... getting totally rid of the need for > domain name certificates ... DNS serving up both ip-addresses and public > keys in single operation.
That can't happen until we make sure you can trust DNS, which in turn can't happen until we get a concrete proposal that has clearly defined goals and isn't braindead. As has been amply pointed out, it's not clear that DNSSEC will cut it anytime soon. (These days, the complaints even come with illustrations: http://www.matasano.com/log/772/a-case-against-dnssec-count-2-too-complicated-to-deploy/). -- Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
