North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: wrt joao damas' DLV talk on wednesday
- From: Randy Bush
- Date: Tue Jun 13 17:54:15 2006
> no bank in its right mind, for example, would allow its identity
> to be held or represented by a middleman whose security policies
> weren't auditable.
> this is why we're trying to sign up some registrars, starting
> with alice's, who can send us blocks of keys based on their
> pre-existing trust relationships.
i think you might see why i am confused. do you propose to audit
alice? as rick says, this is unfortunately trivial, as the signed
registrations are zero <sigh>.
btw, i fully admit that i have not thought through a detailed
policy and process for a dlv registry. then again, i am not
proposing to deploy one. yep, criticism is cheap. but then, i
have not charged much :-).
like some other technologies i'll not mention in this message,
dnssec has been a typical non-deployable ivtf mis-design by
committee for half the lifetime of the internet itself. [ i left a
long trail of "this is badly broken. someone should have listened
to masataka." but have no idea if his 1/3 baked scheme would have
flown. ] and i sympathize with your desire to get any useful
flight milage out of the disaster. but, as this is a security
service, please register your flight plan.