On Sep 12, 2013, at 7:24 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:

> It is still a hierarchical model of trust. So at the top, if you
> don't trust Verisign for the .COM domain and PIR for the .ORG domain
> (and for people who are worried about the NSA, both of these are US
> corporations), the whole system falls apart.

This isn't _quite_ true. DNSSEC supports trust anchors at any point in the hierarchy, and indeed I think the right model for DNSSEC is that you would install trust anchors for things you really care about, and manage them in the same way that you manage your root trust anchor. E.g., you'd install a trust anchor for your employer, and your bank, and maybe your local town government. This is all future UI work, of course.

Furthermore, if the root key is compromised and that is then used to substitute a bogus key, it isn't that hard to notice that this has happened, and indeed we ought to be systematically noticing these things. So hacking the root key is certainly a valid threat, but there is a great deal more transparency in the DNSSEC system than in the TLS PKI, and that should mean that the system is more robust in the face of this kind of attack.

That said, multiple independent systems used together, managed separately, will likely also add value, so TLS PKI + DNSSEC is probably better than TLS PKI or DNSSEC separately, modulo DoS attacks, which in this case would be easily detected and fixed.
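The two claims in the message above, trust anchors below the root and detection of a substituted root key, as an added worked example in Go. This is not code from the message or from any DNSSEC implementation: the Zone structure, the DS digest and signed-message layouts, the zone names example. and bank.example. and all key material are constructed for the example, and ed25519 stands in for the zone signing algorithm. The resolver walks up from the queried zone to the nearest pinned anchor and validates downward from there, so a pinned anchor for bank.example. never consults the root at all, while a resolver pinned only at the root rejects a substituted root DNSKEY instead of accepting it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Zone is a constructed stand-in for a signed zone, not DNSSEC wire data: its DNSKEY,
// the DS digest it publishes for each child, and its signature over that DS.
type Zone struct {
	Name  string
	Key   ed25519.PublicKey
	DS    map[string]string // child zone -> digest binding the child's name and DNSKEY
	DSSig map[string][]byte // child zone -> this zone's ed25519 signature over that DS
}

// dsDigest plays the role of a DS record's digest; the layout is made up for the example.
func dsDigest(child string, key ed25519.PublicKey) string {
	h := sha256.Sum256(append([]byte(strings.ToLower(child)+"|"), key...))
	return string(h[:])
}

// parent strips the leftmost label: "bank.example." -> "example." -> "." -> "".
func parent(name string) string {
	if i := strings.Index(name, "."); name != "." && i >= 0 && i < len(name)-1 {
		return name[i+1:]
	} else if name != "." && i >= 0 {
		return "."
	}
	return ""
}

// Validator is the resolver's view: anchors pinned for any zone, plus the zone data it fetched.
type Validator struct {
	Anchors map[string]ed25519.PublicKey
	Zones   map[string]*Zone
}

// Validate verifies zone name from the closest configured trust anchor downward and
// returns the zones verified, top first. Zones above that anchor are never consulted.
func (v *Validator) Validate(name string) ([]string, error) {
	chain, anchor := []string{}, ""
	for z := name; z != "" && anchor == ""; z = parent(z) {
		if chain = append([]string{z}, chain...); v.Anchors[z] != nil {
			anchor = z
		}
	}
	if anchor == "" {
		return nil, fmt.Errorf("no trust anchor covers %q", name)
	}
	// A fetched DNSKEY that disagrees with the pinned one is the substituted-key case.
	if top := v.Zones[anchor]; top == nil || !top.Key.Equal(v.Anchors[anchor]) {
		return nil, fmt.Errorf("DNSKEY for %q does not match its pinned trust anchor", anchor)
	}
	for i := 1; i < len(chain); i++ {
		p, c, n := v.Zones[chain[i-1]], v.Zones[chain[i]], chain[i]
		d, ok := p.DS[n]
		if c == nil || !ok || !ed25519.Verify(p.Key, []byte("DS|"+n+"|"+d), p.DSSig[n]) {
			return nil, fmt.Errorf("%q: DNSKEY or DS missing, or DS badly signed in %q", n, p.Name)
		}
		if d != dsDigest(n, c.Key) {
			return nil, fmt.Errorf("DNSKEY for %q does not match the DS in %q", n, p.Name)
		}
	}
	return chain, nil
}

// signChain generates a key pair per zone, top first, and has each sign a DS for the next.
func signChain(names ...string) map[string]*Zone {
	zones := map[string]*Zone{}
	var prev *Zone
	var prevPriv ed25519.PrivateKey
	for _, n := range names {
		pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
		z := &Zone{Name: n, Key: pub, DS: map[string]string{}, DSSig: map[string][]byte{}}
		if prev != nil {
			d := dsDigest(n, pub)
			prev.DS[n], prev.DSSig[n] = d, ed25519.Sign(prevPriv, []byte("DS|"+n+"|"+d))
		}
		zones[n], prev, prevPriv = z, z, priv
	}
	return zones
}

// buildScenario is a resolver that fetched the honest constructed chain . -> example. -> bank.example.
func buildScenario() *Validator {
	return &Validator{Anchors: map[string]ed25519.PublicKey{}, Zones: signChain(".", "example.", "bank.example.")}
}

// substituteRoot models a compromised root key: fresh . and example. keys re-sign a delegation
// to an attacker key for bank.example., while the resolver still fetches the honest bank.example. DNSKEY.
func substituteRoot(v *Validator) {
	evil := signChain(".", "example.", "bank.example.")
	v.Zones["."], v.Zones["example."] = evil["."], evil["example."]
}
```

Pinning v.Zones["."].Key gives the usual root-only configuration; adding v.Anchors["bank.example."] is the "install an anchor for your bank" configuration, and in that mode substituteRoot changes nothing for bank.example., while a resolver that pins only the root fails closed on the mismatched root DNSKEY. What the example leaves out is how those extra anchors are kept current when a zone rolls its key, which is the management and UI work the message refers to.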