DNSSEC - does it exist?
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Tue Oct 24 02:53:46 UTC 2006
James A. Donald wrote:
> DNSSEC cannot really be said to exist until there are
> well known master root public keys for most well known
> top level domains.
Supposed, that a few major players involved in OpenID and with the
needed background (without mentioning names) could provide such a DNSSEC
service AND the IDP's would be required to have their DNS hosted at one
or two of these, than all the RP's could verify the responses received,
since the singers would be known to the RP's (even build into the
libraries). This would make RP's extremely secure.
But I guess, that requiring an IDP to secure its DNS this way is out of
question, if we can't have regular SSL as a requirement to start
with.... ;-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061024/98e13a7d/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061024/98e13a7d/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061024/98e13a7d/attachment-0002.bin>
More information about the general
mailing list