AS I have been saying for over a decade security is risk management, not =
risk elimination.

The point you make is not new, Bruce Scheneir made it together with Carl =
Ellison in a paper some years back. He was wrong then and Secrets and =
Lies is essentially explaining why.


Most cases of administrative incompetence will result in a complete loss =
of service. DNSSEC does not add a significant number of new ways to =
screw up and the remedy is exactly the same.=20

The cases where administrative incompetence leads to a security breach =
are not as likely as direct attack and in any case very difficult to =
exploit successfully without inside knowledge that allows for more =
powerful attacks.

DNSSEC is not intended to control against administrator malfeasance.=20




> -----Original Message-----
> From: Masataka Ohta [mailto:mohta@necom830.hpcl.titech.ac.jp]=20
> Sent: Monday, December 11, 2006 7:48 PM
> To: Hallam-Baker, Phillip
> Cc: Paul Vixie; Christian Huitema; Ralph Droms; bert hubert;=20
> namedroppers@ops.ietf.org
> Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
>=20
> Hallam-Baker, Phillip wrote:
>=20
> > If you want to make such statements first state your risk model.

>=20
> Are you saying it to Paul's statement of "so the Secure DNS=20
> model is end-to-end rather than interior-only."?
>=20
> Anyway, if you use your risk model, your statements is=20
> nothing more than a fantasy.
>=20
> I, instead, have been stating the reality that ISPs and zone=20
> administrators are equally (un)trustworthy.
>=20
> As a result, DNSSEC is NOT cryptographycally secure and is as=20
> secure as plain DNS.
>=20
> Masataka Ohta
>=20
>=20
>=20


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: