Brian E Carpenter wrote:

> Don't forget that
> the uniqueness property of a domain name is used to guarantee uniqueness
> in other, derived, namespaces,

How is it guaranteed?

That is, who pays how much if the broken uniqueness resulted in a loss
of, say, $1,000,000?

Without a proper guarantee, based on the amount of money and risk of
each transaction, PKI (including SDNS) cannot be used for serious
security purposes and is merely an overly complex way for abstract
security such as just checking IP addresses through 3 way handshake.

						Masataka Ohta

PS

PKI has nothing to do with E2E. As CAs and DNS servers are
intermediate systems, neither PKI nor DNS is E2E.

As intermediate systems, they don't have any information on the
ongoing transaction, so they can't give any real guarantee.