Hallam-Baker, Phillip wrote:

> If you want to make such statements first state your risk model.

Are you saying it to Paul's statement of "so the Secure DNS model is
end-to-end rather than interior-only."?

Anyway, if you use your risk model, your statements is nothing more
than a fantasy.

I, instead, have been stating the reality that ISPs and zone
administrators are equally (un)trustworthy.

As a result, DNSSEC is NOT cryptographycally secure and is as secure
as plain DNS.

Masataka Ohta

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.