Alex Bligh wrote:

> However, I do recall going to a meeting a couple of months
> ago attended by (amongst others) by one parliamentarian, and a
> representative from the UK Department of Trade and Industry, and being
> slightly surprised they where perfectly aware of the possibility of various
> DNS-related attacks (no doubt discovered through background reasearch for
> other Phishing attacks) and that DNSSEC solved most of them.


That's a big surprise, because DNSSEC is not a protection against
most, if not all, of attacks, even when zone administrators are
not compromised, which is as easy as compromising ISPs.

Perhaps, the parliamentarian should also believe DNSSEC were
cryptographically secure.

Masataka Ohta


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: