* Masataka Ohta:
> Anyway, the other problem of DNSSEC is that PKI, as a concept, is
> fundamentally broken, against which no PKI protocol can be useful.
I think we need to recast DNSSEC as mere transport protection measure.
It might be a overengineered for this purpose, but it's what we've got
now. At this stage, I doubt that a simpler, more lightweight protocol
could be deployed with less effort.
I think I can understand your pains. With hindsight, the original
IPv6 design ("Simple Internet Protocol") turned out to be superior to
the current spec, too. It 's not fair, but unfortunately, it doesn't
matter. 8-(
--
Florian Weimer <[EMAIL PROTECTED]>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
