[ksk-change] Action #4 - Review Joe Abley's Internet Drafts

[Paul Hoffman]

Let me try to be less glib and more concise than Warren.

Warren wants "I trust that my TLS connection was not tampered with, and that the CA who signed the certificate for the transaction I made was both honest and correct" to be acceptable for download the DNSSEC trust anchor. He argues that, if we require more than that, people are just going to download the key without protection anyway.

Had I not typed that second bit, I would have said "no, that's not sufficient for loading a trust anchor". But that second bit is certainly correct, and it overrides my concerns about the first.

It is important to note the difference between the trust anchor for the DNS root and adding a trust anchor to the Web PKI. In the former, if the attacker ever lets you see a signed zone using the real trust anchor, that zone will not validate. Thus the attacker who gives you a bogus trust anchor has to prevent you from ever seeing the real DNS; otherwise you will quickly get suspicious.

It would be good for the document to reflect this consideration.

--Paul Hoffman