Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> please figure out how to make DNS more reliable, more in sync with the
> world, and less of a single point of failure and control, before
> insisting that we place more trust in it.

A while back, in the SIDR mail-list, a banking-level wish-list was
published:
]
] - That when you establish a discussion with endpoint you are (to the
]   best of current technology) certain it really is the endpoint.
]
] - That you are talking (unmolested) to the endpoint you think you are
]   for the entirety of the session.
]
] - That what is retrieved by the client is audit-able at both the
]   server and the client.
]
] - That retrievals are predictable, and perfectly repeatable.
]
] - That the client _never_ permits a downgrade, or unsecured retrieval
]   of information
]
] - That Trust anchor management for both the client ssl and the PRKI
]   is considered in such a way that it minimises the fact there is no
]   such thing as trusted computing.

How much of this is it reasonable to ask the DNS to do?

--
John Leslie <john@xxxxxxx>