On 19-jul-2005, at 12:11, Brad Knowles wrote: [need to trust the DNS system]
Actually, you don't. If the DNS provides false information, the public key crypto will catch this. Sure, you won't be able to communicate, but you can't be phished that way.
What public key crypto are you talking about?
The public key crypto that powers the authentication in SSL.
I don't see why this would need to be "fixed". We're not talking about 5-year-olds; people need to be able to cross the road without someone holding their hand.
You're on a slippery slope here. At what point do you think that you can stop protecting the users? How do you justify that?
I justify it because "protecting" users against the fact that similar looking/sounding names actually map to completely different things ultimately can't be done, so it's better to not do it at all so users get burned by relatively harmless examples of this phenomenon (www.gougle.com and the like) so they understand it and foster the appropriate level of distrust.