On Sun, Aug 10, 2014 at 10:36:29AM -0400, John C Klensin wrote:

> [...]

DNSSEC is most decidedly a PKI, with roughly the same security and naming semantics as PKIX, differing only in the details. DNSSEC is also decidedly superior to the Web PKI, mainly because DNSSEC has strong naming constraints, while the Web PKI has none to speak of, and because DNSSEC truly has a single root (for now) and is truly hierarchical, while neither is true of the Web PKI.

As far as naming goes, both PKI and DNSSEC have equivalent semantics for what PKIX calls dNSName. There are names that PKIX supports or could that DNSSEC can't easily, but that's of little interest here.

DNSSEC has nothing like CPS, but CPS is a fiction, and if it weren't it could easily be added to DNSSEC anyways.

DNSSEC does have problems:

- The same "CAs can MITM" problem as PKIX. DNSSEC is much better than the Web PKI for this because there are many fewer CAs (registrars) that can MITM any given domain in DNSSEC than in the Web PKI.

- DNSSEC does not provide confidentiality protection for lookups and answers (while PKIX has no real directory service to speak of).

- DNSSEC currently uses relatively small RSA keys, and large keys make for amplification attack problems. This can be fixed by sprinkling some DJB crypto technology, namely EdDSA.

By all means talk about the above problems if you like, but don't spread FUD about DNSSEC. DNSSEC is absolutely not worse than the Web PKI (unless you think the small RSA keys are a bigger problem than all the problems the Web PKI has, and if you do, I've a bridge to sell you).

Nico
--
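The third point above (bigger RSA keys mean bigger DNSKEY responses, which is what makes a zone a better amplifier, and EdDSA shrinks them) can be put in numbers. The following is an added estimate, not part of the original mail: it totals the fixed wire-format field sizes from RFC 1035/4034/6891 for a DNSKEY query and its answer, assuming an EDNS0 query for the constructed name `example.com.`, owner names in the answer compressed to the question, the signer name in the RRSIG uncompressed, and a zone with one KSK and one ZSK whose DNSKEY RRset carries one RRSIG.

```python
"""Estimate DNSKEY response size and amplification factor (constructed example)."""

# Fixed-size wire fields (RFC 1035 / 4034 / 6891).
DNS_HEADER = 12                 # id, flags, qd/an/ns/ar counts
RR_FIXED = 2 + 2 + 2 + 4 + 2    # owner as compression pointer, type, class, TTL, rdlength
DNSKEY_RDATA_FIXED = 2 + 1 + 1  # flags, protocol, algorithm
RRSIG_RDATA_FIXED = 18          # type covered .. key tag, before signer name
OPT_RR = 11                     # root owner (1) + type, class, TTL, rdlength

# Public key / signature sizes carried in DNSKEY / RRSIG RDATA.
# RSA (RFC 3110): 1-byte exponent length + 3-byte exponent 65537 + modulus.
# Ed25519 (RFC 8080): raw 32-byte key, 64-byte signature.
ALGS = {
    "RSA-1024": (1 + 3 + 128, 128),
    "RSA-2048": (1 + 3 + 256, 256),
    "Ed25519": (32, 64),
}

def name_wire_len(name: str) -> int:
    """Uncompressed wire length of a dotted name, e.g. 'example.com.' -> 13."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l) for l in labels) + 1  # length octet per label + root

def query_len(qname: str) -> int:
    """EDNS0 DNSKEY query: header + question + OPT pseudo-RR."""
    return DNS_HEADER + name_wire_len(qname) + 4 + OPT_RR

def response_len(qname: str, alg: str, nkeys: int, nsigs: int) -> int:
    """Answer carrying the DNSKEY RRset plus its RRSIG(s), question echoed."""
    key_len, sig_len = ALGS[alg]
    dnskey_rr = RR_FIXED + DNSKEY_RDATA_FIXED + key_len
    rrsig_rr = RR_FIXED + RRSIG_RDATA_FIXED + name_wire_len(qname) + sig_len
    return (DNS_HEADER + name_wire_len(qname) + 4
            + nkeys * dnskey_rr + nsigs * rrsig_rr + OPT_RR)

def amplification(qname: str, alg: str, nkeys: int = 2, nsigs: int = 1) -> float:
    """Response bytes per query byte: the amplification factor the text refers to."""
    return response_len(qname, alg, nkeys, nsigs) / query_len(qname)

if __name__ == "__main__":
    for alg in ALGS:
        print(f"{alg:9s} response={response_len('example.com.', alg, 2, 1):4d} B "
              f"amplification={amplification('example.com.', alg):.1f}x")
```

Under these assumptions an RSA-2048 DNSKEY answer is 891 bytes against a 40-byte query, while the Ed25519 equivalent is 243 bytes; the estimate ignores extra keys during rollovers and any truncation or TCP fallback a server may apply.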