On Sun, Apr 11, 2021 at 12:36 AM Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:
> On Sun, Apr 11, 2021 at 12:20:28AM -0400, Phillip Hallam-Baker wrote:
> > Only VERIFYING digital signatures provides security. And nobody knows what
> > to do when DNSSEC validation fails so nobody really does it
>
> This is false both in premise and conclusion. I was tempted to ignore
> the rest of the post, but ...
If nobody is ever going to check the sigs, they could simply be random bytes.
I had a PGP sig on some of my USENET posts for a while. Nobody ever checked
it and nobody ever noticed it was a static sig that never changed.
> > On the trust root issue. Alice should be the root of trust for Alice, Bob
> > should be the root of trust for Bob. That is what I have been building. And
> > with an application that secures data at rest without rendering it unusable.
>
> I concur that the mesh is a good idea worth pursuing, you don't need to
> try to prove everything/everyone else wrong in order to be right.
There are two possible ways forward. One is to use the Mesh itself and the other is
to backport ideas proven in the Mesh back to the legacy system.
To justify the deployment of a new infrastructure, I do have to show that
backporting is infeasible. I have paid particular attention to the reason for
the failure of DNSSEC and DANE precisely because I want to understand what
the criteria are for success.
The conclusion I find it difficult to avoid is that it is possible to graft some
security features onto an insecure system but it is not practical to move
from an insecure default permit environment to a secure default deny
environment.