On 10/23/2012 04:17 PM, Paul Wouters wrote: > On Tue, 23 Oct 2012, Daniel Kahn Gillmor wrote: > >> I'm not saying DANE is a perfect solution (i particularly don't like the >> concentration of hierarchical power represented by the DNS) > > The hierarchical problem is pretty much an enigma case. If the root key > or the com key ever gets abused, for instance by providing custom records > with signatures to target someone specifically, and such a record ever > leaks out for us to verify, they will lose that trust forever, and the > UN or some other body will step in with a new method and trust model.
The global experience with CAs suggests that failure to prevent secret
key material abuse does not result in negative consequences for those
CAs that are "too big to fail". I don't see why that experience
wouldn't repeat itself for the key that signs the root zone or any of
the popular TLDs.
Anyway, cryptographic failures are only one part of the problem.
Political failures are at least as important, and the DNS has already
shown itself to be vulnerable to manipulation by powerful actors [0]. i
see no reason to believe that this sort of manipulation would stop short
of malicious DS record insertion once DNSSEC is in widespread use.
Regards,
--dkg
[0]
https://www.muckrock.com/foi/united-states-of-america-10/domain-name-seizures-329/#445469-responsive-documents
signature.asc
Description: OpenPGP digital signature
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
