DNSSEC - does it exist?
Dick Hardt
dick at sxip.com
Tue Oct 24 03:53:11 UTC 2006
On 23-Oct-06, at 7:53 PM, Eddy Nigg (StartCom Ltd.) wrote:
> James A. Donald wrote:
>> DNSSEC cannot really be said to exist until there are well known
>> master root public keys for most well known top level domains.
> Supposed, that a few major players involved in OpenID and with the
> needed background (without mentioning names) could provide such a
> DNSSEC service AND the IDP's would be required to have their DNS
> hosted at one or two of these, than all the RP's could verify the
> responses received, since the singers would be known to the RP's
> (even build into the libraries). This would make RP's extremely
> secure.
>
> But I guess, that requiring an IDP to secure its DNS this way is
> out of question, if we can't have regular SSL as a requirement to
> start with.... ;-)
We need to crawl before we can start running.
DNSSEC is useful tech. Many things need to happen before we can use it.
-- Dick
More information about the general
mailing list