[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DNSSEC - Signature Only vs the MX/A issue.

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Tue, 12 Dec 2006 09:48:09 +0900
Cc: Paul Vixie <paul@vix.com>, Christian Huitema <huitema@windows.microsoft.com>, Ralph Droms <rdroms@cisco.com>, bert hubert <bert.hubert@netherlabs.nl>, namedroppers@ops.ietf.org
Delivery-date: Tue, 12 Dec 2006 00:49:18 +0000
Envelope-to: namedroppers-data@psg.com
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Hallam-Baker, Phillip wrote:

> If you want to make such statements first state your risk model.

Are you saying it to Paul's statement of "so the Secure DNS model is
end-to-end rather than interior-only."?

Anyway, if you use your risk model, your statements is nothing more
than a fantasy.

I, instead, have been stating the reality that ISPs and zone
administrators are equally (un)trustworthy.

As a result, DNSSEC is NOT cryptographycally secure and is as secure
as plain DNS.

							Masataka Ohta


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Prev by Date: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
Next by Date: RE: DNSSEC - Signature Only vs the MX/A issue.
Previous by thread: RE: DNSSEC - Signature Only vs the MX/A issue.
Next by thread: RE: DNSSEC - Signature Only vs the MX/A issue.
Index(es):
- Date
- Thread