User: Password:
|
|
Subscribe / Log in / New account

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 30, 2012 9:51 UTC (Mon) by copsewood (subscriber, #199)
In reply to: This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired) by robert_s
Parent article: This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

The only technology which seems remotely likely to solve this PKI problem is DNSSEC. The HTTPS CA system was too expensive and inflexible and has shot itself in the foot by trying to solve the cost/inflexibility problem by having more CAs. Few end users seem ever likely to want both to learn how to and carry out the maintenance needed to sustain a web of trust based on multiple GPG partial identity trusts.

The main complaints I've heard about DNSSEC are that it isn't widely enough used yet, and we all have to trust ICANN. The first is a chicken & egg problem affecting all new network technology. As the second, nothing to prevent local admins installing a different root zone provider trust anchor if they don't trust ICANN not to mis-sign a TLD that matters to them. In practice technologies such as convergence designed to fix the current CA problem are likely to be more effective if and when used for holding significant DNSSEC signing authorities to account.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds