Torvalds: requiring root password for mundane things is moronic

Paul Wouters pwouters at
Thu Mar 1 04:24:35 UTC 2012

On Thu, 1 Mar 2012, Giovanni Campagna wrote:

> The same protections should be used, that is DNSSEC and end-to-end
> authentication (SSH, TLS). This still leaves the real mdns area
> unprotected, but this is to be expected, and it's just a UI issue
> (that could be resolved once network zones land).

One good use that can be made with DNSSEC is that you can broadcast
your security chain from DNSSEC.

My laptop can announce itself as It will announce the
DNS chain from com to to The other person,
let's say produces the DNS chain from com to
to Now each party can, with just the preloaded root
DNS key, obtain a cryptographic identity based on a simple identifier
(hostname). We can connect our laptops, or phones, simply by saying
"my laptop is". We could even do this without having
any internet connection, exchange public keys, and set up an IPsec tunnel
between our machines/phones, and only then transfer our personal data.

We only need some people to write and submit an IETF draft for this :)

(AFAIK, people were already working on standardising DNSSEC blobs for
  use in embedding them in certificates, e.g. Adam Langley and Dan


