Andrew Sullivan wrote: >>Though we have to trust the zone administration put correct referral >>and glue data in a master zone file, unless we use DNSSEC, we don't >>have to trust the zone administration never issue certificates over >>forged keys of child zones. > If an attacker can get its bogus data into the referring zone, I never said such a thing. I said "issue certificates over forged keys of child zones". The attack is possible by those who have access to signature generation mechanisms and the attack is not visible until the false certificates are used later. People introduced DNSSEC believing DNSSEC makes cache poisoning not a problem, are ready to accept false certificates through unprotected cache. Thus, we must, anyway, protect cache. Then, where is the point to introduce DNSSEC only to have another possibility of security holes? Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf