[cryptography] Request - PKI/CA History Lesson - the definition of trust
johnl at iecc.com
Sun May 4 21:50:20 EDT 2014
In article <EB40B06C-907F-42EE-BE88-45361561E734 at goldmark.org> you write:
>On 2014-05-03, at 3:22 AM, <pjklauser at gmail.com> <pjklauser at gmail.com> wrote:
>> Frankly, if we could "trust" in DNS, we would not need to "trust" in
>> web-PKIX  - since the one is just the bandaid for the other.
>Have you forgotten that routing can be subverted?
>Just because you are talking to the right IP address doesnt mean
>you are talking the right host.
Sure, but if the cert it presents has the hash in the DNSSEC signed
DANE record, it does.
More information about the cryptography