by ynik 4345 days ago
A single trusted root is better than the hundreds of roots in the CA system. I don't trust Verisign very far, but I certainly trust them more than Verisign AND Diginotar AND honest achmed's used cars and certificates AND ...

And shouldn't it be possible to implement certificate pinning for whole TLDs? Then we'd only have to trust the root for unknown TLDs.


First, you don't get "a single trusted root". If DNSSEC/DANE had been deployed 3 years ago, Qhadaffi's Libyan government would have effectively been the CA for BIT.LY.

Second, and more importantly: the smaller number of trust anchors you end up with in DNSSEC are controlled by world governments.

It seems absurd to me that the Internet's response to the "global passive adversary" of NSA would be to hand the entire PKI system over to the USG formally. That's what DNSSEC does.

> ...Qhadaffi's Libyan government would have effectively been the CA for BIT.LY.

They already are, in practice. Many reputable CAs will issue certificates to anyone who can forge an MX record for a domain. With or without DNSSEC, TLD operators are capable of forging those records.

> It seems absurd to me that the Internet's response to the "global passive adversary" of NSA would be to hand the entire PKI system over to the USG formally. That's what DNSSEC does.

No, DNSSEC builds authentication into a system that is and has always been centrally controlled. And just like with the X.509 CA system, you can use pinning or Convergence or anything else you want to supplement that.
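
As an added illustration of the point both sides of this exchange are making (the TLD operator sits inside the chain of trust, and pinning is a client-side supplement layered on top), and not code from the original thread: a Go model of a DNSSEC-style hierarchy validated from a single trust anchor. It is a simplification and several things in it are assumptions, not DNSSEC: Ed25519 signatures and string record names stand in for DNSKEY/DS/RRSIG and the real wire formats, the TLSA payloads are constructed placeholders rather than certificate digests, and "ly." and "bit.ly." are used only because the thread names them. The scenario runs the same lookup three times: validating from the root alone, validating again after the TLD operator re-signs the delegation to a key it minted itself, and failing once the client pins the legitimate zone key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Zone is one level of the hierarchy: a signing key plus the records it signs. Simplified
// model: real DNSSEC uses RSA/ECDSA, RRSIG/DNSKEY/DS wire formats and signature lifetimes.
type Zone struct {
	Name    string
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	Records map[string]SignedRecord
}
type SignedRecord struct{ Data, Sig []byte }
func NewZone(name string) *Zone {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand, which does not fail
	return &Zone{Name: name, priv: priv, Pub: pub, Records: map[string]SignedRecord{}}
}

// sigInput binds a signature to zone and record name so it cannot be replayed elsewhere.
func sigInput(zone, rr string, data []byte) []byte { return append([]byte(zone+"|"+rr+"|"), data...) }
func keyDigest(pub ed25519.PublicKey) []byte       { h := sha256.Sum256(pub); return h[:] }
func (z *Zone) Publish(rr string, data []byte) {
	z.Records[rr] = SignedRecord{data, ed25519.Sign(z.priv, sigInput(z.Name, rr, data))}
}
// Delegate publishes the DS record for a child: the parent's signed digest of the child's key.
// A child key has no authority except through this record, so the parent decides which key counts.
func (z *Zone) Delegate(child *Zone) { z.Publish("DS:"+child.Name, keyDigest(child.Pub)) }
// verifies reports whether z publishes rr with data want, validly signed under pub.
func (z *Zone) verifies(pub ed25519.PublicKey, rr string, want []byte) bool {
	rec, ok := z.Records[rr]
	return ok && bytes.Equal(rec.Data, want) && ed25519.Verify(pub, sigInput(z.Name, rr, rec.Data), rec.Sig)
}

// Resolver trusts one key, the root's; Pins (zone name -> key digest) are an optional client supplement.
type Resolver struct {
	Anchor ed25519.PublicKey
	Zones  map[string]*Zone
	Pins   map[string][]byte
}
// Lookup validates rr in the last zone of the non-empty chain (root first, e.g. ".", "ly.",
// "bit.ly."), checking each delegation with the key validated one level up.
func (r *Resolver) Lookup(chain []string, rr string) ([]byte, error) {
	key, parent := r.Anchor, (*Zone)(nil)
	for _, name := range chain {
		z := r.Zones[name]
		switch {
		case z == nil:
			return nil, fmt.Errorf("zone %q not found", name)
		case parent == nil && !bytes.Equal(z.Pub, key):
			return nil, fmt.Errorf("root key does not match trust anchor")
		case parent != nil && !parent.verifies(key, "DS:"+name, keyDigest(z.Pub)):
			return nil, fmt.Errorf("no valid DS for %q in %q", name, parent.Name)
		}
		if pin, ok := r.Pins[name]; ok && !bytes.Equal(pin, keyDigest(z.Pub)) {
			return nil, fmt.Errorf("key for %q does not match client pin", name)
		}
		key, parent = z.Pub, z
	}
	rec, ok := parent.Records[rr]
	if !ok || !ed25519.Verify(key, sigInput(parent.Name, rr, rec.Data), rec.Sig) {
		return nil, fmt.Errorf("no valid record %q in %q", rr, parent.Name)
	}
	return rec.Data, nil
}
func show(data []byte, err error) string {
	if err != nil {
		return "rejected: " + err.Error()
	}
	return "accepted: " + string(data)
}

// Scenario: root delegates "ly.", which delegates "bit.ly."; the TLD operator alone then re-keys
// that delegation, and a client pin catches it. TLSA payloads are constructed placeholders.
func Scenario() (honest, substituted, pinned string) {
	root, tld, domain := NewZone("."), NewZone("ly."), NewZone("bit.ly.")
	root.Delegate(tld)
	tld.Delegate(domain)
	const rr = "TLSA:_443._tcp.bit.ly."
	domain.Publish(rr, []byte("3 1 1 honest-spki-digest"))
	chain := []string{".", "ly.", "bit.ly."}
	r := &Resolver{Anchor: root.Pub, Zones: map[string]*Zone{".": root, "ly.": tld, "bit.ly.": domain}}
	honest = show(r.Lookup(chain, rr))
	// TLD operator re-keys the delegation alone: neither the root nor the legitimate holder is involved.
	rogue := NewZone("bit.ly.")
	tld.Delegate(rogue)
	rogue.Publish(rr, []byte("3 1 1 attacker-spki-digest"))
	r.Zones["bit.ly."] = rogue
	substituted = show(r.Lookup(chain, rr))
	// Same resolver, now pinned to the legitimate bit.ly. key: the swap is rejected.
	r.Pins = map[string][]byte{"bit.ly.": keyDigest(domain.Pub)}
	pinned = show(r.Lookup(chain, rr))
	return
}

func main() { fmt.Println(Scenario()) }
```

The second lookup is the point of the "Libyan government as CA for BIT.LY" remark: nothing in the chain is forged, every signature checks out from the single anchor, and the root never sees the swap, because the parent's signed DS is the only thing that gives a child key authority. The third lookup is what "pinning ... to supplement that" buys: the pin is an independent check the resolver applies after the chain validates, so it catches a delegation re-keyed by an honest-looking parent, at the cost of the client having to maintain and rotate pins itself.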

You shouldn't start a sentence with "no" when it confirms the sentence it's responding to.