The cr.yp.to microblog: 2013.02.20 22:07:33

2013.02.20 22:07:33 (304336512839991296) from Daniel J. Bernstein, replying to "Tony Finch (@fanf)" (304316636289183746):

@fanf @colmmacc @matthew_d_green HTTPS/SSH/etc. use per-query crypto + trusted servers. DNSSEC/HTTPSEC claim no p-q c, no trusted servers.

Context

2013.02.20 20:07:49 (304306378481213440) from "Colm MacCárthaigh (@colmmacc)", replying to "Tony Finch (@fanf)" (304305454123716608):

@fanf @hashbreaker @matthew_d_green DNS serves routing data, not content data.

2013.02.20 20:12:58 (304307676576358400) from "Tony Finch (@fanf)", replying to "Colm MacCárthaigh (@colmmacc)" (304306378481213440):

@colmmacc @hashbreaker @matthew_d_green and TLSA or SSHFP couple the DNS chain of trust to the content transport, so what's missing?

2013.02.20 20:36:07 (304313501508325377) from Daniel J. Bernstein, replying to "Tony Finch (@fanf)" (304307676576358400):

@fanf @colmmacc @matthew_d_green Those proposals destroy _all_ of the claimed advantages of DNSSEC+HTTPSEC while keeping the problems.

2013.02.20 20:48:34 (304316636289183746) from "Tony Finch (@fanf)":

@hashbreaker @colmmacc @matthew_d_green Have you already written an explanation I can read somewhere? The slides don't say.