[Discuss] Why the dislike of X.509?
Richard Pieri
richard.pieri at gmail.com
Tue Aug 26 13:29:56 EDT 2014
On 8/26/2014 1:07 PM, Derek Atkins wrote:
> So where does DNS come in? I think most DNS experts would define it as
The database -- all of the RRs and such -- is distributed. The system
itself is a collection of centralized hierarchies with each central
point being the root for each top-level domain. Any so-called expert who
describes it otherwise is either not as expert as they think or being
deliberately obtuse.
> a "distributed" system. However there *is* a single entity that has
> authority -- the root servers. Compromise of that would compromise the
> whole DNS system.
Precisely.
> However there are watchdogs all over the world whose
> role is preventing that.
Yes, there are. This is one of the things that distinguishes DNS from
SSL: there are no watchdogs over the root SSL authorities. By design.
--
Rich P.
More information about the Discuss
mailing list