On Fri, Sep 06, 2013 at 06:20:48AM -0700, Pete Resnick wrote:
>
> In email, we insist that you authenticate the recipient's certificate before
> we allow you to install it and to start encrypting, and prefer to send things
> in the clear until that is done. That's silly and is based on the assumption
> that encryption isn't worth doing *until* we know it's going to be done
> completely safely.

Speaking of which, Jim Gettys was trying to tell me yesterday that BIND refuses to do DNSSEC lookups until the endpoint client has generated a certificate. Which is bad, since out-of-box, a home router doesn't have much in the way of entropy at that point, so you shouldn't be trying to generate certificates at the time of the first boot-up, but rather delay until you've had enough of a chance to gather some entropy. (Or put in a real hardware RNG, but a race-to-the-bottom in terms of BOM costs makes that not realistic.)

I told him that sounds insane, since you shouldn't need a certificate/private key in order to do digital signature verification. Can someone please tell me that BIND isn't being this stupid?

- Ted