On 10 Aug 2014, at 19:35, John Levine <johnl@xxxxxxxxx> wrote: >> From those perspectives, a registrar or registry who might >> collude with a criminal registrant to create deliberately >> deceptive names and associated registration data (or whose >> procedures allow similar results without explicit collusion) is >> fully as much part of the threat model as a CA that issues >> certificates without any attempt to verify the identity of the >> entity being certified or who colludes in deliberately hiding or >> distorting the information. > > As far as I can tell, we don't have a good word to describe what > DNSSEC does. Roy Arends used to call it “expensive error checking”. The only word left to argue about would be “expensive” as that is relative to the value of that being checked. Joao
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail