Dean Anderson wrote: > The dispute on 'certificate' is over the definition of what > 'certificate' means. As I used the word 'certificate' with a reference, there is no point to argue against me with terminology different from the refereed paper. Anyway, the definition of 'certificate' does not affect the applicability of the paper to DNSSEC. That is, DNSSEC is NOT secure end to end. Security of DNSSEC depends on security of a chain of zones, which are intelligent intermediate entities. If a zone in the chain is compromised, DNSSEC is compromised, which is no different from compromising cache in a chain of caching servers/resolvers. Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf