[dns-operations] Implementation of negative trust anchors?

Mike Hoskins (michoski) michoski at cisco.com
Wed Sep 4 16:41:30 UTC 2013

-----Original Message-----

From: "ondrej.sury at nic.cz" <ondrej.sury at nic.cz>
Date: Wednesday, September 4, 2013 12:37 PM
To: "dns-operations at lists.dns-oarc.net" <dns-operations at lists.dns-oarc.net>
Subject: Re: [dns-operations] Implementation of negative trust anchors?

>>When the two seem to conflict, better education is the answer not
>> removing one's ability to
>> make choices.  There will always be use cases the smartest can not
>> fathom
>> which make perfect sense to someone you have not met...no matter how
>> well
>> intentioned we are, I don't believe controlling someone else's destiny
>> through force alone is the right path.  In my mind, this applies to
>> SSL/TLS, NTA, etc.
>This is not technical, but philosophical question about where do you
>draw the line.  Is your bank limiting your free choice by not providing
>the options to give free access to your money to random visitors?

Drawing the line indeed...but better examples in this case would be banks
allowing me to access my account on-line and even via mobile devices which
are statistically far less secure vs forcing me to present my account
information and hard copy ID to a teller.  I can disable online/mobile
access if I want (in fact I have to opt-in), but I'm not forced to. :-)

More information about the dns-operations mailing list