Re: DNSSEC is NOT secure end to end (more tutorial than debating)

In message <4A285750.9010104@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Masataka Ohta writes:
> Andrew Sullivan wrote:
> 
> >>Though we have to trust the zone administration to put correct referral
> >>and glue data in a master zone file, unless we use DNSSEC, we don't
> >>have to trust the zone administration never to issue certificates over
> >>forged keys of child zones.
> 
> > If an attacker can get its bogus data into the referring zone,
> 
> I never said such a thing.
> 
> I said "issue certificates over forged keys of child zones".
> 
> The attack is possible by those who have access to signature
> generation mechanisms and the attack is not visible until the
> false certificates are used later.
> 
> People who introduced DNSSEC believing DNSSEC makes cache poisoning
> not a problem are ready to accept false certificates through an
> unprotected cache.
> 
> Thus, we must, anyway, protect cache.
> 
> Then, what is the point of introducing DNSSEC only to have another
> possibility of security holes?

We still lock doors and windows despite the possibility of people
breaking in by lifting tiles.  Attacks at the registry level are the
equivalent of lifting tiles.  It happens sometimes.  Locking the
doors and windows stops most attacks however.
 
> 						Masataka Ohta
> 
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
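The two attacks the thread contrasts can be made concrete with a toy model of the DNSSEC delegation chain. The code below is an added example, not code from either poster or from ISC: it uses Ed25519 (DNSSEC algorithm 15) and SHA-256 digests but a simplified record encoding rather than DNSSEC wire format, and the zone names and record data are constructed for the illustration. The parent signs a DS record (the "certificate" over the child's key in Ohta's wording); a resolver with a trust anchor for the parent checks the DS signature, the digest of the child's DNSKEY against the DS, and the child's RRSIG. Three scenarios are run: a legitimate delegation, a spoofed answer injected without registry access (the locked door: the key in the answer does not match the DS, so validation fails), and a DS that the parent's signing mechanism issued over an attacker's key (the lifted tile: the chain validates and nothing in the validator can tell).

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Zone holds a zone's key pair. In real DNSSEC a zone usually has separate
// KSK/ZSK keys; one key per zone is enough to show the trust relationships.
type Zone struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewZone(name string) *Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Zone{Name: name, Pub: pub, priv: priv}
}

// DS is the parent's signed statement "the key with this digest belongs to
// the child". Real DS digests cover owner name plus DNSKEY RDATA; here the
// digest is over the raw public key for brevity (simplification, not DNSSEC).
type DS struct {
	Child  string
	Digest []byte
	Sig    []byte // parent's signature over the DS content
}

func dsTBS(child string, digest []byte) []byte {
	return append([]byte("DS|"+child+"|"), digest...)
}

// SignDS models whoever has access to the parent's signature generation
// mechanism (registry, registrar pipeline, or an attacker with that access).
func (z *Zone) SignDS(child string, childKey ed25519.PublicKey) DS {
	d := sha256.Sum256(childKey)
	return DS{Child: child, Digest: d[:], Sig: ed25519.Sign(z.priv, dsTBS(child, d[:]))}
}

// Answer is a child-zone response: record, the DNSKEY it claims, and an RRSIG.
type Answer struct {
	Name, Data string
	Key        ed25519.PublicKey
	Sig        []byte
}

func rrTBS(name, data string) []byte { return []byte("RR|" + name + "|" + data) }

func (z *Zone) Answer(name, data string) Answer {
	return Answer{Name: name, Data: data, Key: z.Pub, Sig: ed25519.Sign(z.priv, rrTBS(name, data))}
}

// Validate is the resolver side: trust anchor -> DS -> DNSKEY -> RRSIG.
func Validate(parentAnchor ed25519.PublicKey, ds DS, ans Answer) bool {
	if !ed25519.Verify(parentAnchor, dsTBS(ds.Child, ds.Digest), ds.Sig) {
		return false // DS not vouched for by the parent
	}
	d := sha256.Sum256(ans.Key)
	if !bytes.Equal(d[:], ds.Digest) {
		return false // answer signed with a key the parent never delegated to
	}
	return ed25519.Verify(ans.Key, rrTBS(ans.Name, ans.Data), ans.Sig)
}

// Scenario 1: honest parent, honest child.
func ScenarioLegitimateDelegation() bool {
	parent, child := NewZone("example."), NewZone("bank.example.")
	ds := parent.SignDS(child.Name, child.Pub)
	return Validate(parent.Pub, ds, child.Answer("www.bank.example.", "192.0.2.10"))
}

// Scenario 2: cache-poisoning style spoof with no access to the parent's
// signing mechanism. The attacker signs with its own key; the DS is genuine.
func ScenarioSpoofedAnswer() bool {
	parent, child, attacker := NewZone("example."), NewZone("bank.example."), NewZone("evil.")
	ds := parent.SignDS(child.Name, child.Pub)
	return Validate(parent.Pub, ds, attacker.Answer("www.bank.example.", "198.51.100.7"))
}

// Scenario 3: the attack Ohta describes. Someone with access to the parent's
// signature generation issues a DS over the attacker's key. The resolver has
// no way to tell; the substitution is invisible until the key is used.
func ScenarioForgedDS() bool {
	parent, attacker := NewZone("example."), NewZone("evil.")
	forgedDS := parent.SignDS("bank.example.", attacker.Pub)
	return Validate(parent.Pub, forgedDS, attacker.Answer("www.bank.example.", "198.51.100.7"))
}

func main() {
	fmt.Println("legitimate delegation validates:", ScenarioLegitimateDelegation())
	fmt.Println("spoofed answer validates:        ", ScenarioSpoofedAnswer())
	fmt.Println("DS over forged key validates:    ", ScenarioForgedDS())
}
```

The first and third scenarios both return true, which is the point of the thread: a validating resolver cannot distinguish a DS the parent was supposed to sign from one its signing mechanism was abused to sign, so DNSSEC does not remove the need to trust (and protect) the parent's signing path. The second scenario returns false, which is Andrews' point: the far more common attack, an answer injected into a cache without registry access, is rejected because the key in the answer does not match the signed DS.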