On 26 Feb 2019, at 21:58, Bill Woodcock <woody@pch.net> wrote:
On Feb 26, 2019, at 8:12 AM, John Levine <johnl@iecc.com> wrote:
In article <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g@mail.gmail.com> you write:
Swapping the DNS cabal for the CA cabal is not an improvement. Right? They are really the same arbitraging rent-seekers, just different layers.
The models are different. If I want to compromise your DNS I need to attack your specific registrar. If I want a bogus cert, any of the thousand CAs in my browser will do.
Exactly. And if you’re an organization that has money and pays attention to DNS and security, you can get yourself a TLD, and be your own registry, at which point you only need to worry about the security of the root zone.
Interesting. Never thought of new TLD from this angle :) -- Nico