Re: https at ietf.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Phillip,

Yes, ICANN took advantage of a large existing knowledge base to create a method of securing the root KSK. It would have been foolish to do otherwise.
David asserted that the processes used by ICANN provided greater security than those for PKIX PKI, I was pointing out that the claim made is false.

This is the second time you have falsely claimed I have made assertions that I have not.

Please stop.

I have said precisely nothing about the processes of the PKIX PKI other than I understood the operation of the DNSSEC root KSK to be more public and open than "the operation of (many? most? all?) commercial CAs". 

If you disagree with that statement, please provide evidence that shows commercial CAs operating at least as openly and transparently as ICANN's handling of the DNSSEC root KSK.

Whether this increased level of openness/transparency provides greater security may be an interesting topic to explore, but I have not made any assertions to that effect in this thread.

When someone repeats FUD after having the issue explained to them repeatedly I tend to start speaking plainly.

Again, you appear to having conversations outside of the context of this thread and misattributing those conversations.  

Please stop.

If you have evidence I have repeated FUD, please provide it.

So I don't have to fix DNSSEC, all I need to fix here is to have David and others stop making claims for the protocol that are not supported by evidence.

I am unaware of any claim I might have made regarding DNSSEC that is not supported by evidence.  Can you please provide a reference to such a statement.  Thanks.

Regards,
-drc

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]