[Ajedi32]

If you insist on such a narrow definition of the term "trust" then yes you're technically correct. But it also reduces your entire argument into one of semantics; there's no security impact to adding a new "trust anchor" as you're defining the term.

[tptacek]

No, sorry, you're not getting away with that argument. We're not debating "trust"; we're debating "trust anchors". "Trust anchor" is a term of art with a specific meaning, and you can't pretend I'm the one trying to exploit a technicality when you've built an argument whose premise is an idiosyncratic redefinition of the term.

Besides that, you were just plain wrong, twice (you doubled down when I showed the quote that refuted your claim). It's fine to be wrong; I'm wrong all the time! But stubbornly refusing to acknowledge when you're plainly incorrect to the extent where you redefine words is not a good look.

[Ajedi32]

Okay, that's fair. You've won the semantic argument, I was wrong to argue that DANE doesn't add new "trust anchors".

The central point of your comment is still completely wrong though. DANE does _not_ add new trusted actors, and has no significant negative security impact.

[tptacek]

"Trusted actor"? Seriously?

[Ajedi32]

That's the term magila used in the comment you originally replied to near the start of this thread before you started the whole semantic debate about "trust anchors". Ultimately, trust is something you place in people and organizations, not inanimate cryptographic primitives.

[tptacek]

Ah, you're right, fair enough; I read it as "trust anchor" (because that's the real term). Sorry for snarking.