nanog mailing list archives
Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)
From: Tony Finch <dot () dotat at>
Date: Mon, 12 Sep 2011 22:37:18 +0100
Mike Jones <mike () mikejones in> wrote:
DNSSEC deployment is advanced enough now to do that automatically at the client.
Sadly not quite. DNSSEC does have the potential to provide an alternative public key infrastructure, and I'm keen to see that happen. But although it works well between authoritative servers and recursive resolvers, there are a lot of shitty DNS forwarders in CPE and captive portals and so on which do not understand DNSSEC. And DNSSEC does not work unless all the forwarders and recursors that you are using support it. So DNSSEC on the client has a long way to go.

Tony.
--
f.anthony.n.finch <dot () dotat at> http://dotat.at/
Hebrides, Southeast Bailey: Westerly 5 to 7 until later in south Hebrides, otherwise northwesterly 3 or 4, increasing 5 to 7. Rough or very rough, occasionally high in south Hebrides. Rain or showers. Good, occasionally poor.
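The forwarder problem described in the message above can be checked from the client side by looking at what comes back for a query sent with the EDNS0 DO bit set. The following is an added example, not part of the original post: the function names are hypothetical, the two sample replies are constructed rather than captured, and it assumes the stub asked for an A record with DO=1.

```python
import struct

RRSIG, OPT = 46, 41  # RR type codes (RFC 4034, RFC 6891)

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # plain label: hop over it
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # compression pointer = 2 bytes, root = 1

def dnssec_view(msg):
    """What a stub sees in the reply to a query it sent with EDNS0 DO=1."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    seen = {"ad": bool(flags & 0x0020), "rrsig": False, "edns_do": False}
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == RRSIG and i < an:
            seen["rrsig"] = True
        if rtype == OPT:
            seen["edns_do"] = bool(ttl & 0x8000)  # DO bit sits in the OPT TTL field
    return seen

def forwarder_passes_dnssec(msg):
    """A validating client needs the signatures themselves, not just an AD flag."""
    v = dnssec_view(msg)
    return v["rrsig"] and v["edns_do"]

# --- constructed sample replies (not captured traffic) ---
def rr(name, rtype, ttl, rdata, cls=1):
    return encode_name(name) + struct.pack("!HHIH", rtype, cls, ttl, len(rdata)) + rdata

def reply(flags, answers, additional=()):
    hdr = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, len(additional))
    question = encode_name("example.com") + struct.pack("!HH", 1, 1)
    return hdr + question + b"".join(answers) + b"".join(additional)

A = rr("example.com", 1, 300, bytes([192, 0, 2, 1]))
SIG = rr("example.com", RRSIG, 300, b"\x00" * 20)  # placeholder rdata, not a real signature
OPT_DO = rr("", OPT, 0x8000, b"", cls=1232)
CLEAN_PATH = reply(0x81A0, [A, SIG], [OPT_DO])  # QR RD RA AD; OPT and RRSIG intact
LEGACY_FORWARDER = reply(0x8180, [A])           # OPT and RRSIG stripped on the way
```

A reply shaped like `LEGACY_FORWARDER` gives the client nothing to validate, so it must either fail closed or fall back to unauthenticated DNS.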