Re: DNSSEC - Signature Only vs the MX/A issue.
Hallam-Baker, Phillip wrote:
> If you want to make such statements first state your risk model.[/color]
Are you saying it to Paul's statement of "so the Secure DNS model is
end-to-end rather than interior-only."?
Anyway, if you use your risk model, your statements is nothing more
than a fantasy.
I, instead, have been stating the reality that ISPs and zone
administrators are equally (un)trustworthy.
As a result, DNSSEC is NOT cryptographycally secure and is as secure
as plain DNS.
to unsubscribe send a message to [email]firstname.lastname@example.org[/email] with
the word 'unsubscribe' in a single line as the message text body.