Bill Manning wrote: > i think the distinction here might be characterised by > the use of terms: > > -channel security Don't try to confuse the terminology. With the terminology of "channel", the paper addresses the issue that security by channels between zones or zone administrators depends on security of intermediate zones and is not end to end. > -data integrity Date integrity is maintained through the channels between zones hop by hop. > DNSSEC - the signing of the data, provides a means to ensure the > accuracy and integrity of the data, the payload. The problem is that the accuracy and integrity of DNSSEC is not cryptographically but socially secure. So is plain old DNS. So, there is no point to deploy DNSSEC. Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf