In message <4A25B8EF.70203@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Masataka Ohta writes:
> Thierry Moreau wrote:
>
> >> (That is: You already trust the zones above you to maintain the
> >> integrity of the zone on the *server*;
>
> > This assumption does not stand universally. For some DNS users/usage,
> > DNSSEC signature verification will be a must. The discussion implicitly
> > referred to such uses.
>
> A problem of blindly believing a zone administration is that it is
> only as secure as blindly believing an ISP administration.
>
> Attacking a router of a large ISP is as easy/difficult as attacking
> a signature generation mechanism of a large zone.

The difference is we *have* to trust the zone administration.
There is no scalable way to avoid that trust issue. We don't have
to trust the router administration or caching server administration
or authoritative server administration.

> Moreover, administration of LAN of a local organization (my university,
> for example) is as secure as administration of a zone local to the
> organization.

I've been on plenty of LANs which I would treat as "hostile".

> You can, for example, bribe a personnel or two, against which there
> is no cryptographical protection, which means PKI is weakly secure.

Which is not an argument for not doing DNSSEC. Knowing where the
risks are is how you do risk management. If you aren't willing to
accept some risks then don't connect to the net.

> Masataka Ohta
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx