On 19-jul-2005, at 12:11, Brad Knowles wrote:
[need to trust the DNS system]
Actually, you don't. If the DNS provides false information, the
public
key crypto will catch this. Sure, you won't be able to
communicate, but
you can't be fished that way.
What public key crypto are you talking about?
The public key crypto that powers the authentication in SSL.
I don't see why this would need to be "fixed". We're not talking
about
5 year olds, people need to be able to cross the road without
someone
holding their hand.
You're on a slippery slope here. At what point do you think
that you can stop protecting the users? How do you justify that?
I justify it because "protecting" users agains the fact that similar
looking/sounding names actually map to completely different things
ultimately can't be done, so it's better to not do it at all so users
get burned by relatively harmless examples of this phenomenon
(www.gougle.com and the like) so they understand it and foster the
appropriate level of distrust.
