GreenEngineering3475@lemmy.world to Technology@lemmy.worldEnglish · 1 年前The Disappearance of an Internet Domainevery.toexternal-linkmessage-square48fedilinkarrow-up1210arrow-down14cross-posted to: [email protected]
arrow-up1206arrow-down1external-linkThe Disappearance of an Internet Domainevery.toGreenEngineering3475@lemmy.world to Technology@lemmy.worldEnglish · 1 年前message-square48fedilinkcross-posted to: [email protected]
minus-squareNicolaHaskell@lemmy.worldlinkfedilinkEnglisharrow-up2arrow-down2·1 年前OK poof there are now 100 name servers delegating .com. Which one does your ISP default you to? [1-100]
minus-squareinterdimensionalmeme@lemmy.mllinkfedilinkEnglisharrow-up1·1 年前All of them, find one that responds an answer valid for my local saved key. The DNS server is no longer an authority on its own, just your keyring matters.
minus-squareinterdimensionalmeme@lemmy.mllinkfedilinkEnglisharrow-up1arrow-down1·1 年前The certificate authorities on my ring that I trust. For normal people that’s already included in their OS or browser
minus-squareNicolaHaskell@lemmy.worldlinkfedilinkEnglisharrow-up1arrow-down1·1 年前So, an authority? It sounds like this would complicate DNSSEC by requiring the “root keys” to be stored outside the DNS itself.
minus-squareinterdimensionalmeme@lemmy.mllinkfedilinkEnglisharrow-up1·1 年前We already have to have key rings. Centralized DNS is just a second, superfluous layer of authority (and a massive grift) on top
minus-squareNicolaHaskell@lemmy.worldlinkfedilinkEnglisharrow-up1arrow-down1·1 年前“Centralized DNS” is an oxymoron, we’ll have to agree to disagree
KILL CENTRALIZED DNS
OK poof there are now 100 name servers delegating .com. Which one does your ISP default you to? [1-100]
All of them, find one that responds an answer valid for my local saved key.
The DNS server is no longer an authority on its own, just your keyring matters.
Who issued the key?
The certificate authorities on my ring that I trust. For normal people that’s already included in their OS or browser
So, an authority? It sounds like this would complicate DNSSEC by requiring the “root keys” to be stored outside the DNS itself.
We already have to have key rings. Centralized DNS is just a second, superfluous layer of authority (and a massive grift) on top
“Centralized DNS” is an oxymoron, we’ll have to agree to disagree