Theodore Ts'o wrote:
> More importantly, what problem do people think DNSSEC is going to
> solve?
Insufficient revenue of registries.
> It is still a hierarchical model of trust. So at the top, if you
> don't trust Verisign for the .COM domain and PIR for the .ORG domain
> (and for people who are worried about the NSA, both of these are US
> corporations), the whole system falls apart.
Right. PKI is fundamentally broken, because its fundamental
assumption that trusted third parties could exist is a total
fallacy.
Masataka Ohta
