This is a discussion on Re: DNSSEC - Signature Only vs the MX/A issue. - DNS ; Hallam-Baker, Phillip wrote: > If you want to make such statements first state your risk model. Are you saying it to Paul's statement of "so the Secure DNS model is end-to-end rather than interior-only."? Anyway, if you use your risk ...
Hallam-Baker, Phillip wrote:
> If you want to make such statements first state your risk model.
Are you saying it to Paul's statement of "so the Secure DNS model is
end-to-end rather than interior-only."?
Anyway, if you use your risk model, your statements is nothing more
than a fantasy.
I, instead, have been stating the reality that ISPs and zone
administrators are equally (un)trustworthy.
As a result, DNSSEC is NOT cryptographycally secure and is as secure
as plain DNS.
Masataka Ohta
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive:
