Matt Corallo wrote:
Note that diginotar was advertised to be operated with HSMs and four-eyes principle, which means both of them were proven to be untrustworthy marketing hypes.
Even more reason to do DNSSEC stapling!
See hypes of HSMs and four-eyes from DNSSEC operators.
This is totally unrelated to the question at hand. There wasn't a question about whether a user relying on trusted authorities can maybe be whacked by said trusted authorities (though there's been a ton of work in this space, most notably requiring CT these days),
So, let's recognize ISPs as trusted authorities and we are reasonably safe without excessive cost to support DNSSEC with all the untrustworthy hypes of HSMs and four-eyes principle.
it was purely about whether we can rely on pure "I sent a packet to IP X, did it get to IP X", which *is* solved by DNSSEC.
That's overkill. See above for the proper solution. Masataka Ohta