On 12/08/2013 10:21 AM, Phillip Hallam-Baker wrote:
As I pointed out, what I was objecting to was yet another iteration of someone asserting that the DNSSEC PKI is different from the CA system in a way that it is not actually different. So I don't have to fix DNSSEC, all I need to fix here is to have David and others stop making claims for the protocol that are not supported by evidence.
Um, no. What you originally asserted was that the root was vulnerable to being hijacked by an NSL. You have yet to provide any evidence of that, and when confronted by evidence to the contrary you changed the subject.
So leaving aside the fine points of PKI and how they do or do not relate to the root, do you have _any_ evidence to support your original assertion?
Doug