[ksk-rollover] Current status of KSK-RollOver?

Rene 'Renne' Bartsch, B.Sc. Informatics ml at bartschnet.de
Thu Aug 30 06:21:33 UTC 2018



Am 30.08.18 um 01:24 schrieb David Conrad:

> To clarify, the Board has not been not indecisive. They haven’t yet been asked to make a decision on rolling the KSK.

Which is extremely late ...

> We (staff) would love to hear thoughts on benefits of DNSSEC/DANE (we know of some, but would be interested in hearing others). However, this may be a bit out of charter for this mailing list.

Where to discuss this?

In short:

1. TLS is vulnerable to MITM-attacks with intermediate certificates (e.g. firewall applications) -> DANE-TLS solves that problem
2. Free (self-signed) client- or server certificates without the risk of fraudulent or incompetent CAs
3. Easy and secure public key exchange and revocation for any application with end-to-end encryption (e.g. email: DANE-SMIMEA, DANE-OpenPGP, VPN, messengers, online services, embedded devices, ...)


Renne


More information about the ksk-rollover mailing list