These are not criticisms btw. At least you offer something for some class of users. But is the scope big enough to launch a successful security infrastructure in the open world?
Furthermore, with DNSSEC, some central authority (and its associated procedure) still appears somewhere in the process. Admittedly, this one is probably less centralized and more open than X.509 CAs. But since the beginning, and of course even more in recent times, I've favoured more spontaneous/original approaches, like the PGP web of trust. Maybe this is the case also because it still seems more innovative to me. (A classical centralized and governement-oriented certification process, like for birth registration for example, is still useful, but somehow old fashioned...:-)
Finally, what makes you think proving your identity is such a "quite difficult social problem"?
Proving your identity to everyone in the world, with certainty, at governement-level security (with respect to nationality for example) and for a long time certainly is; but do we really need that everyday? Most of everyday life tasks are accomplished without using an identity card, many are entirely anonymous. On the net, self-signed certificates can be useful too (e.g. I certainly trust more lwn.net's than several much more costly ones, especially for reading your answer).
Why not try to isolate more practical and self-contained problems which necessitate a security solution and try to solve them separately?
BTW, we actually converge on our views if your concern is to secure DNS and use it to improve the (net) access to your own home computers securely. For that, DNSSEC sounds pretty good.
Astonishlingly, sometimes I have the feeling that, in this area of combined computer security and free software, we are as much in search of a problem that can be realistically solved than in search of an ideal technical solution. (And, what's an engineer without a problem to solve... ;-)
Maybe we need to look more closely to clarify the users' needs in this domain. (After all, in this area, users are frequently ignorant or even lying about their needs.)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds