Don't say that you are agreeing with someone when you are intentionally
misinterpreting what they said to claim the opposite.

This conversation is closed.

> -----Original Message-----
> From: Masataka Ohta [mailto:mohta@necom830.hpcl.titech.ac.jp]
> Sent: Tuesday, December 12, 2006 2:20 AM
> To: Hallam-Baker, Phillip
> Cc: Paul Vixie; Christian Huitema; Ralph Droms; bert hubert; namedroppers@ops.ietf.org
> Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
>
> Hallam-Baker, Phillip wrote:
>
> > As I have been saying for over a decade security is risk management,
> > not risk elimination.
>
> I fully agree with you that there ain't no such thing as
> cryptographical security.
>
> > The point you make is not new, Bruce Schneier made it together with
> > Carl Ellison in a paper some years back. He was wrong then and Secrets
> > and Lies is essentially explaining why.
>
> Hugh?
>
> You failed to deny my point that DNSSEC and plain DNS are
> equally secure.
>
> > Most cases of administrative incompetence will result in a complete
> > loss of service. DNSSEC does not add a significant number of new ways
> > to screw up and the remedy is exactly the same.
>
> Complex protocols are more complex to implement and operate
> and, thus, insecure.
>
> For example, it is a lot more likely that DNSSEC software has
> buffer overflow vulnerability than plain DNS software.
>
> > The cases where administrative incompetence leads to a security breach
> > are not as likely as direct attack and in any case very difficult to
> > exploit successfully without inside knowledge that allows for more
> > powerful attacks.
>
> I'm not sure what you mean "direct attack" but I understand
> that you failed to make a point on the merits of deploying DNSSEC.
>
> Masataka Ohta

