Comment on EU Article 45 requires that browsers trust certificate authorities appointed by governments

<- View Parent
uis@lemmy.world ⁨1⁩ ⁨year⁩ ago

DNSSEC keys are signed in the same recursive manner SSL certificates are.

That’s why I said there is already there is already distributed PKI.

Chain of trust doesn’t disappear just because you use a new acronym.

The thing with SSL, for you, as a government, one of 142 root certificates is enough to spoof on any domain, while DNS has only one root certificate and good luck getting that. And if you don’t trust DNS, then who you even trust then? DNS is how major CAs check if you really own that domain. Because, you know, domains are part of DNS. Shocking, I know.

Or you can use public keys as addresses somewhere like I2P.

source
Sort:hotnewtop