Re: DNSSEC is NOT secure end to end

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thierry Moreau wrote:

>>>> That is, security of DNSSEC involves third parties and is not end
>>>> to end.

> This is exactly like a chain of PKI CA's (replacing the path from bottom 
> to top of zone hierarchy):

> Exactly the same with a compromised intermediate CA.

> Exactly the same with a private key corresponding to the next 
> intermediate CA along the chain (i.e. the one certified by the 

The paper of David Clark says PKI is not secure end to end.

Some tried to argue against by saying DNSSEC is so special that
it is secure end to end.

But, as you can observe, DNSSEC is no special and not secure end
to end.

> I don't think any DNSSEC expert ever claimed differently.

I am the DNSSEC expert and see some people having a lot less
expertise than me says DNSSEC secure end to end.

They are incorrect or using different terminology on "end to end"
not acceptable to the Internet community.

						Masataka Ohtqa


_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]