Separation of powers
The position of operating at TLD and DNS service is a position of great trust. SSL was developed precisely for this reason: so users could put their trust in an uninterested third party rather than in the TLD/DNS service providers alone. This is the only assurance that users have in knowing that a site is who it claims to be. VeriSign already controls much of the certificate market (on which SSL is based) and should not be given more control over the DNS infrastructure. This would create a liability both in terms of abuse and as a single point of attack. I am especially alarmed because VeriSign operates a "Lawful Intercept" service giving them not only the ability (in falsifying both DNS and certificates), but also a strong motive to act against the interest of its users. Such a conflict of interest should not be exacerbated by awarding VeriSign with yet more power in this domain. Robert Bradshaw Computer Security Researcher |