Re: [Last-Call] Last Call: <draft-knodel-e2ee-definition-07.txt> (Definition of End-to-end Encryption) to Informational RFC


 



In last-call@xxxxxxxx, Salz, Rich wrote:

First, this mail partly is a response to Keith for a thread of
"Re: Notification to list from IETF Moderators team".

> I am strongly opposed to this document being published in the IETF stream.

Indeed.

The draft does not distinguish e2e encryption and e2e security,
because e2e encryption by a shared key compromised by MitM attacks
at some intermediate CAs of some PKI, including DNSSEC, is not
e2e secure, as was demonstrated by DigiNotar.

See

	https://en.wikipedia.org/wiki/DigiNotar

for details.

As such, DNSSEC is not cryptographically secure and is no better
than plain DNS with long enough message IDs.

The issue was discussed recently in DNSOP list, and a person
argued against me saying CAs are protected by strong physical
or social security such as "HSMs" (hardware security modules,
which, theoretically, make secret keys inaccessible from the
Internet) and "four eyes minimum" (which means, confirmation
by two persons).

But requiring such strong physical or social security means
it is not cryptographically secure.

Moreover, DigiNotar was advertised to be equipped with
"HSMs" and "four eyes minimum", which may be wrongly
operated or was just a false advertisement by DigiNotar,
both of which are possible by other CAs.

						Masataka Ohta



