[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNSSEC and SSL

Subject: DNSSEC and SSL
From: gary.buhrmaster at gmail.com (Gary Buhrmaster)
Date: Sat, 21 Aug 2010 18:46:39 -0700
In-reply-to: <[email protected]>
References: <[email protected]>

On Sat, Aug 21, 2010 at 18:00, ML <ml at kenweb.org> wrote:
> Would a future with a ubiquitous DNSSEC deployment eliminate the market
> for commercial CAs?
>
> Would functioning DNSSEC + self signed certs be more secure/trustworthy
> than our current system of trusted CAs chosen by OS/browser developers?

See Dan Kaminski's presentation at this years BlackHat & Defcon
for a proposal, and the prototype "glue" that provides a proof of
concept.  http://www.recursion.com/talks.html (I seem to recall
the X.509/CA part starts about 3/4 of the way through the deck).

That said, Dan does not suggest that everything a CA does
is obsolete, there will still be a market for making sure that
BankOfAmerica.com really is the bank you want to do
business with (branding).

References:
- DNSSEC and SSL
  - From: ml at kenweb.org (ML)

Prev by Date: DNSSEC and SSL
Next by Date: DNSSEC and SSL
Previous by thread: DNSSEC and SSL
Next by thread: DNSSEC and SSL
Index(es):
- Date
- Thread