Not logged in
Log in now
Create an account
Subscribe to LWN
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
Convergence: User-controlled SSL certificate checking
Posted Oct 29, 2011 14:37 UTC (Sat) by michi (guest, #60274)
I agree with you that shifting the trust to DNS providers will not really solve much. But my point was actually: If the dnssec cannot be trusted, why should perspectives be trusted?
However, I still think DNSSEC is good. First it can be implemented additional to CAs, so there are 2 layers of security. Second, only the dns provider can compromise a specific site and not a huge number of unrelated organisations.
The approach I like best is using .onion like addresses with the crypto key encoded in the url.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds