On Tue, 27 Aug 2013 23:39:51 -0400 Jerry Leichter <leich...@lrw.com>
wrote:
> It's not as if this isn't a design we have that we know works:
> DNS.

As I said elsewhere: as a practical matter, almost no one using email
is a DNS administrator. This therefore cannot possibly deploy in
finite time for the average user. If your mailbox is in a domain name
controlled by someone else, you may wait effectively forever for
permission. Indeed, DNSSEC itself has waited forever as a result of
that.

Furthermore, this is unacceptable because the trust model is
unacceptable. If you are a user of gmail, for example, it implies
that Google is in the trust loop for telling the world security
critical information, like, for example, your key. Sovereign
threats can order Google to insert different keys at will.

As I've said elsewhere: the DNS is a very architecturally tempting
idea for all of this. I fully understand why people would want to do
it that way. It is not, however, practical if one wants to deploy in
months and not decades, and it makes trust entirely hierarchical.

Perry
-- 
Perry E. Metzger                pe...@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to