Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think the point is that once we hve DNSSEC, we have no way around. With the CA system there is lots of room to improve on it, without more centralisation.

Im not a expert but thats my take so far.



We've had CAs for two decades already and they haven't improved much, why would their third decade be different?


The demand for change is growing and many project working on this show this. There is lots going on, much more then I can see going on in the DNS space. People are deploying more and more https and browser vendors, research and the open source community are working on it.

Project like Lets Encrpyt, CertCA on the CA side. Certificate Transparency on the standard side. Inside of the Browser you have HTTPS Everywhere, SSL Overservatory and things like Convergence.

Are this many people working on activlly innovating on DNSSEC and DANE? If they exists, I dont see them.

Also, even if they exists, once the system is centralised, its almost impossible to move it forward. In the CA system, I as a individuall can do more for my own security.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: