On 09/07/2013 05:03 PM, Phillip Hallam-Baker wrote:

Good theory only the CA industry tried very hard to deploy and was prevented 
from doing so because Randy Bush abused his position as DNSEXT chair to prevent 
modification of the spec to meet the deployment requirements in .com.

DNSSEC would have deployed in 2003 with the DNS ATLAS upgrade had the IETF 
followed the clear consensus of the DNSEXT working group and approved the 
OPT-IN proposal. The code was written and ready to deploy.

I told the IESG and the IAB that the VeriSign position was no bluff and that if 
OPT-IN did not get approved there would be no deployment in .com. A business is 
not going to spend $100 million on deployment of a feature that has no proven 
market demand when the same job can be done for $5 million with only minor 

And this is exactly why there is no real security on the Internet.  Because the 
IETF and standards committees and working groups are all in reality political 
fiefdoms and technological monopolies aimed at lining the pockets of a select 
few companies deemed "worthy" of authenticating user documentation for purposes 
of establishing online credibility.

There is no reason for any of this, and I would once again cite Bitcoin as 
an example of how an entire secure online currency standard can be created and 
maintained in a decentralized fashion without the need for complex hierarchies 
of quasi-political commercial interests.

Encrypting SMTP is trivial, it's all about the standard to make it happen.  
Encrypting IPv6 was initially a mandatory part of the spec, but then it somehow 
became discretionary.  The nuts and bolts of strong crypto have been around for 
decades, but the IETF and related standards "powers that be" are more interested 
in creating a global police state than guaranteeing some semblance of 
confidentiality and privacy for Internet users.
The cryptography mailing list