Florian Weimer wrote:
> No, because DNSSEC, as it will be deployed, is not a PKI. There is no
> registration process which is universally agreed upon.
A PKI with a universally agreed registration process of "it depends"
is still a PKI.
However, a problem of PKI is that, even if such a process is agreed
upon, the process is not cryptographically enforced, which means PKI
is not cryptographically secure.
> but this still doesn't give you a globally interoperable PKI.)
As "universal" is a weasel word with its own scope, a PKI is not
necessarily globally interoperable.
Masataka Ohta
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop