On 11/10/2008 09:52 PM, Nelson Bolyard:
Anders Rundgren wrote:
I haven't followed this lengthy discussion in detail but I have for a long
time wondered how DNSSEC and SSL-CA-Certs should coexist.
Which one will be the "most" authoritative?
Could DNSSEC (if it finally succeeds) be the end of SSL-CA-certs?
DNSSEC only attempts to ensure that you get the (a) correct IP address.
It does absolutely nothing to ensure that you actually are connected to
the site you wanted. It doesn't obviate SSL or PKI at all.
I believe it would only strengthen domain and email validation
procedures as the CA has means to verify DNS response better.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
