On Sat, Sep 7, 2013 at 2:19 AM, ianG <i...@iang.org> wrote:

> On 7/09/13 10:15 AM, Gregory Perry wrote:
>
>> Correct me if I am wrong, but in my humble opinion the original intent
>> of the DNSSEC framework was to provide for cryptographic authenticity
>> of the Domain Name Service, not for confidentiality (although that
>> would have been a bonus).
>
> If so, then the domain owner can deliver a public key with authenticity
> using the DNS. This strikes a deathblow to the CA industry. This threat
> is enough for CAs to spend a significant amount of money slowing down its
> development [0].
>
> How much more obvious does it get [1] ?
>
> iang

I proposed essentially this idea around 10 years ago on the capabilities list, using custom TXT records and some hackish things that are/were sub-optimal due to DNSSEC being more of a pipedream then than it is now to deliver public keys for any arbitrary purpose.

I only went so far as to kick around design ideas on and off-list back then under the tag-line of objectdns (as in being able to locate and connect to any arbitrary object via a public key crypto connection) and registering the domain objectdns.com. Things stalled out there due to my lack of copious free time.

David Mercer - http://dmercer.tumblr.com
IM: AIM: MathHippy Yahoo/MSN: n0tmusic
Facebook/Twitter/Google+/Linkedin: radix42
FAX: +1-801-877-4351 - BlackBerry PIN: 332004F7

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography