On Wed, 3 Jun 2009, Mark Andrews wrote:
You can, for example, bribe a personnel or two, against which there
is no cryptographical protection, which means PKI is weakly secure.
You have never heard of a Hardware Security Module?
HSM doesn't stop the wrong data being signed. It just stops
it being signed on machines other that the designated servers.
The context was the "false security" of DNSSEC and the "third party trust".
Obviously changing the raw dns data is possible both with and without DNSSEC.
Paul
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf