> On 26 Feb 2019, at 21:58, Bill Woodcock <wo...@pch.net> wrote:
>
>
>
>> On Feb 26, 2019, at 8:12 AM, John Levine <jo...@iecc.com> wrote:
>>
>> In article
>> <CAD6AjGTBNZ8wTv6Y1KgTvNaW6Zi87RLprQK2Lg=d0evK8ot7=g...@mail.gmail.com> you
>> write:
>>> Swapping the DNS cabal for the CA cabal is not an improvement. Right? They
>>> are really the same arbitraging rent-seekers, just different layers.
>>
>> The models are different. If I want to compromise your DNS I need to
>> attack your specific registrar. If I want a bogus cert, any of the
>> thousand CAs in my browser will do.
>
> Exactly. And if you’re an organization that has money and pays attention to
> DNS and security, you can get yourself a TLD, and be your own registry, at
> which point you only need to worry about the security of the root zone.
Interesting.
Never thought of new TLD from this angle :)
--
Nico
