> On Nov 17, 2018, at 6:07 AM, Lanlan Pan wrote:
>
> And TLS's distribute certificate exchange maybe better than DNSSEC's
> centralized trust anchor.
In principle, yes, when one carefully selects just the appropriate
trust anchor(s) for a given task. Some applications do use specific
Personally I think the low rate of dnssec deployment on SLD authoritative
server and recursive resolver is the problem.
And TLS's distribute certificate exchange maybe better than DNSSEC's
centralized trust anchor.
Ryan Carboni 于2018年11月8日周四 下午4:44写道:
> Hmm. TLS has gotten too complex. How does