On Sun, Apr 11, 2021 at 12:20:28AM -0400, Phillip Hallam-Baker wrote:
> Only VERIFYING digital signatures provides security. And nobody knows what
> to do when DNSSEC validation fails so nobody really does it
This is false both in premise and conclusion. I was tempted to ignore
the rest of the post, but ...
> On the trust root issue. Alice should be the root of trust for Alice, Bob
> should be the root of trust for Bob. That is what I have been building. And
> with an application that secures data at rest without rendering it unusable.
I concur that the mesh is a good idea worth pursuing, you don't need to
try to prove everything/everyone else wrong in order be right.
If the mesh some day also ends up authenticating not only individuals
but also network services, so be it. I hope it works out.
--
Viktor.
