Am 30.08.18 um 01:24 schrieb David Conrad:
To clarify, the Board has not been not indecisive. They haven’t yet been asked to make a decision on rolling the KSK.
Which is extremely late ...
We (staff) would love to hear thoughts on benefits of DNSSEC/DANE (we know of some, but would be interested in hearing others). However, this may be a bit out of charter for this mailing list.
Where to discuss this? In short: 1. TLS is vulnerable to MITM-attacks with intermediate certificates (e.g. firewall applications) -> DANE-TLS solves that problem 2. Free (self-signed) client- or server certificates without the risk of fraudulent or incompetent CAs 3. Easy and secure public key exchange and revocation for any application with end-to-end encryption (e.g. email: DANE-SMIMEA, DANE-OpenPGP, VPN, messengers, online services, embedded devices, ...) Renne