* Masataka Ohta: > Now, I'm saying, for these 10 years, that PKI, including DNSSEC, > is broken. > > Can't you simply believe me?
No, because DNSSEC, as it will be deployed, is not a PKI. There is no registration process which is universally agreed upon. As a result, a DNSSEC signature carries no semantic value. (It's possible to change this through local configuration, but this still doesn't give you a globally interoperable PKI.) -- Florian Weimer <[EMAIL PROTECTED]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
