> From: Spencer Dawkins <spencerdawkins.ietf@xxxxxxxxx> > I have to wonder whether weakening crypto systems to allow pervasive > passive monitoring by "national agencies" would weaken them enough for > technologically savvy corporations to monitor their competitors, for > instance. More importantly, if crypto systems are weaked so that the intelligence agencies of the 'good guys' can monitor them, they're probably weak enough that the intelligence agencies of the 'bad guys' can monitor them too. The smarts level on the other side should not be under-estimated, although I fear this often happens. > From: Ted Lemon <ted.lemon@xxxxxxxxxxx> > What we should probably be thinking about here is: > - Mitigating single points of failure (IOW, we _cannot_ rely > on just the root key) > - Hybrid solutions (more trust sources means more work to > compromise) > ... > - Multiple trust anchors (for stuff that really matters, we > can't rely on the root or on a third party CA) I'm not sure if this is entirely responsive to your points here, but it is possible to have multiple 'root trust anchors' with the DNS. I have worked this out in some detail, which I won't give here. But basically the concept is that multiple entities (e.g. IEEE, EFF, add-your-favourite here) can all sign the root zone (independently, but in parallel), and also any subsidiary zones they care about (e.g. .EDU). (Signing everything all the way down is clearly impractical, but if you can n-way secure the root of the tree, that will help.) I seem to recall that DNSSEC as it stands could deal with this; the real issue would be gaining agreement from the zone owner to include multiple signatures. Of course, it's possible to distributed those signatures in other ways, but that would require new mechanism. Noel