[cryptography] [Cryptography] Email is unsecurable

Jeffrey Walton noloader at gmail.com
Wed Nov 27 16:01:01 EST 2013


On Wed, Nov 27, 2013 at 3:34 PM, Nico Williams <nico at cryptonector.com> wrote:
> On Wed, Nov 27, 2013 at 08:01:19PM +0000, Stephen Farrell wrote:
>> On 11/27/2013 06:58 PM, Nico Williams wrote:
>> > [...]
>>
>
>> The problem with DANE is the lack of DNSSEC. If we had both [...]
>
> When I refer to DANE, I also mean that DNSSEC must be there.  We're
> getting there.
Isn't the key distribution problem being pushed into DNS? The
underlying problem still exists.

Perhaps we could have higher confidence in DNS if it was not
controlled by the US. A diversification strategy won't work when 10 or
so of the 13 servers are required to give bad answers. That is, cross
checking A (Verisign) with, for example, E, F, G, and H (ISC, GOV and
DoD) won't validate anything.

And getting an authentic answer from a non-US controlled server is
another problem altogether.

Jeff

