Re: DNSSEC is NOT secure end to end

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In message <874c02a20906010608p3e7fbdd3wa31c9ea5452a7ab9@xxxxxxxxxxxxxx>, Joe Baptista writes:
> On Mon, Jun 1, 2009 at 12:30 AM, Mark Andrews <marka@xxxxxxx> wrote:
> 
> >
> >        If you believe that I have a bridge to sell you.
> 
> 
> Keep the bridge - it's all yours.  Remember - in order to sell the bridge
> you first have to own it.  Your convenced you have something to sell.  I am
> not.
> 
> > > Totally different from DNSSEC.
> >
> >
> >        You can disagree all you want but it doesn't change the
> >        fact that DNSSEC and DNSCurve both have chains of trusts.
> >        The proponents of DNSCurve even say this.
> >
> >        Note the chain of trust as described on
> >        http://www.dnscurve.org/tld.html/.
> 
> 
> The correct URL is http://www.dnscurve.org/tld.html not
> http://www.dnscurve.org/tld.html/
> 
> And yet again - it has nothing to do with chains of trust.  It does learn
> how to trust and whom to trust.  Thats part of the job.  What DNSCurve does
> do is it "adds link-level public-key protection to DNS packets" therefore
> guaranteeing the integrity of the packets end to end.

	DNSCurve protects authoritative server to iterative resolver
	if and only if you can authenticate the names of the
	nameservers and that they are supposed to be serving the
	zone you are querying against.  If you can't do that then
	you are just talking to some random server using a cryptographic
	channel and you shouldn't be trusting the results.
 
> Totally different from DNSSEC which indeed uses chains of trust - i.e. root
> to tld to sld etc.etc.

	And DNSCurve uses chains of trust from root servers to tld
	servers to sld servers etc. etc.

> I am totally amazed at the propaganda that comes out of ISC these days.
> When you guys start comparing DNSSEC to DNSCurve - we'll - all I can say is
> this - I have this really nice bridge on the Hudson I'd like to sell you
> that will compliment the bridge you've already have.

> cheers
> joe baptista
> 
> -- 
> Joe Baptista
> 
> www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive, Representative &
> Accountable to the Internet community @large.
> ----------------------------------------------------------------
>  Office: +1 (360) 526-6077 (extension 052)
>     Fax: +1 (509) 479-0084
> 
> Personal: www.joebaptista.wordpress.com
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]