RE: DNSSEC - Signature Only vs the MX/A issue.
Don't say that you are agreeing with someone when you are intentionally
misinterpreting what they said to claim the opposite.
This conversation is closed.
> -----Original Message-----
> From: Masataka Ohta [mailto:firstname.lastname@example.org]
> Sent: Tuesday, December 12, 2006 2:20 AM
> To: Hallam-Baker, Phillip
> Cc: Paul Vixie; Christian Huitema; Ralph Droms; bert hubert;
> Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
> Hallam-Baker, Phillip wrote:
> > As I have been saying for over a decade security is risk
> > not risk elimination.
> I fully agree with you that there ain't no such thing as
> cryptographical security.
> > The point you make is not new, Bruce Schneier made it together with
> > Carl Ellison in a paper some years back. He was wrong then and Secrets
> > and Lies is essentially explaining why.
> You failed to deny my point that DNSSEC and plain DNS are
> equally secure.
> > Most cases of administrative incompetence will result in a complete
> > loss of service. DNSSEC does not add a significant number of new ways
> > to screw up and the remedy is exactly the same.
> Complex protocols are more complex to implement and operate
> and, thus, insecure.
> For example, it is a lot more likely that DNSSEC software has
> buffer overflow vulnerability than plain DNS software.
> > The cases where administrative incompetence leads to a security breach
> > are not as likely as direct attack and in any case very difficult to
> > exploit successfully without inside knowledge that allows for more
> > powerful attacks.
> I'm not sure what you mean by "direct attack" but I understand
> that you failed to make a point on the merits of deploying DNSSEC.
> Masataka Ohta