As I have been saying for over a decade, security is risk management, not
risk elimination.

The point you make is not new, Bruce Schneier made it together with Carl
Ellison in a paper some years back. He was wrong then and Secrets and
Lies is essentially explaining why.

Most cases of administrative incompetence will result in a complete loss
of service. DNSSEC does not add a significant number of new ways to
screw up and the remedy is exactly the same.

The cases where administrative incompetence leads to a security breach
are not as likely as direct attack and in any case very difficult to
exploit successfully without inside knowledge that allows for more
powerful attacks.

DNSSEC is not intended to control against administrator malfeasance.

> -----Original Message-----
> From: Masataka Ohta []
> Sent: Monday, December 11, 2006 7:48 PM
> To: Hallam-Baker, Phillip
> Cc: Paul Vixie; Christian Huitema; Ralph Droms; bert hubert;
> Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
> Hallam-Baker, Phillip wrote:
> > If you want to make such statements first state your risk model.

> Are you saying it to Paul's statement of "so the Secure DNS
> model is end-to-end rather than interior-only."?
> Anyway, if you use your risk model, your statement is
> nothing more than a fantasy.
> I, instead, have been stating the reality that ISPs and zone
> administrators are equally (un)trustworthy.
> As a result, DNSSEC is NOT cryptographically secure and is as
> secure as plain DNS.
> Masataka Ohta
