Sam Hartman wrote: > Masataka> Given that CAs of PKI can be compromised as easily as > Masataka> ISPs of the Internet, PKI is merely weakly secure as > Masataka> weakly as the plain Internet. > > I'd consider DH a fine strong security mechanism in a number of cases. DH is, though not strong, pretty secure only *IF* you can securely identify your peer. If, for the identification, you use plain DNS or, so called secure DNS, neither of which is strongly secure, TCP sequence number gives proper level of security. Stephen Kent wrote: > The notion of CA compromise and ISP comprise are not completely > comparable, which makes your comparison suspect. As I already mentioned, social attacks on employees of CAs and ISPs are equally easy and readily comparable. > Also, the security implications of errors (or sloppiness) by ISPs is > very different from that of CAs, so I don't think your comparison makes > sense in that regard as well. Given the sloppiness of current DNS management, secure DNS CAs, which is an PKI, will be no different from that of ISPs. It hard for you to recognize that most, if not all, of the effort of IETF security area has been wasted in vain. But that's the reality. Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf