On Tue, 2009-06-02 at 22:38 +0900, Masataka Ohta wrote:

> Yes, security of DNSSEC is totally hop by hop.

I am nervous of adding to this debate (and should it really be on ASRG?) However, I think there is some difference in the way people are using some terms. My understanding of the terms hop-by-hop and end-to-end is this:

A data item traverses a number of nodes within a network. (E.g. a UDP datagram moving through an inter-network, or an email message from its submitting UA via a sequence of MTAs to the recipient's UA.)

"End-to-end" security means that the security of that data item does not depend on the trustworthiness of any intermediate node, or channel.

"Hop-by-hop" security means that you do rely on the trustworthiness of the intermediate nodes and channels. (E.g. CRC provides no defence against deliberate tampering; TLS for email is only as trustworthy as the least trusted intermediate MTA.)

PKI establishes a "chain of trust" between the signing certificate (i.e. the certificate containing the public key corresponding to the private key used to generate the signature) and your trust anchors (which you choose). This is not really "hop-by-hop", as data is not hopping. Like a real chain, it is only as strong as its weakest link. However, the chain operates in a different 'space' from that used to transfer the data being protected.

As far as I understand, the key thing which DNSSEC gives you is data origin authentication (although that by itself, without data integrity, would be useless). The DNS attacks which were the start of the discussion are all based on the attacker sending false data to the system under attack. Having an effective means for determining from whom data comes is necessary to overcome this kind of attack.

best regards

David Wilson

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
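The chain-of-trust point above (validation depends only on the chosen trust anchor, not on the resolver or any other node the records passed through, yet the chain is only as strong as its weakest link) can be made concrete with a small validator. The following Go program is an added illustration, not code from the thread or from any DNSSEC implementation: it models the DNSSEC structure in simplified form (a parent-signed DS record that is the SHA-256 of the child's public key, and child-signed data records) using Ed25519 rather than the real wire formats and algorithms. The zone names, addresses and keys are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is a signed zone record: owner name, data, and the zone key's signature
// over both. Simplified stand-in for an RRset plus its RRSIG (not real DNSSEC).
type Record struct {
	Name string
	Data []byte
	Sig  []byte
}

// Zone holds a zone's signing key pair (constructed for the example).
type Zone struct {
	Name string
	Priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewZone(name string) Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Zone{Name: name, Priv: priv, Pub: pub}
}

// signedBytes binds the owner name to the data so a signature cannot be
// replayed under a different name.
func signedBytes(name string, data []byte) []byte {
	return append([]byte(name+"\x00"), data...)
}

func (z Zone) Sign(name string, data []byte) Record {
	return Record{Name: name, Data: data, Sig: ed25519.Sign(z.Priv, signedBytes(name, data))}
}

func verifyRecord(pub ed25519.PublicKey, r Record) bool {
	return ed25519.Verify(pub, signedBytes(r.Name, r.Data), r.Sig)
}

// Link is one step of the chain: the child's public key plus the DS record
// (SHA-256 of that key) signed by the parent's key.
type Link struct {
	ChildKey ed25519.PublicKey
	DS       Record
}

// Validate walks from the trust anchor down the delegation chain, then checks
// the leaf record. Nothing about who delivered the records is consulted: the
// result depends only on the anchor and the signatures (end-to-end), while a
// compromised key anywhere in the chain lets everything below it be forged
// (weakest link).
func Validate(anchor ed25519.PublicKey, chain []Link, leaf Record) error {
	key := anchor
	for _, l := range chain {
		if !verifyRecord(key, l.DS) {
			return fmt.Errorf("DS for %s is not signed by the parent key", l.DS.Name)
		}
		h := sha256.Sum256(l.ChildKey)
		if !bytes.Equal(h[:], l.DS.Data) {
			return fmt.Errorf("key presented for %s does not match the DS", l.DS.Name)
		}
		key = l.ChildKey
	}
	if !verifyRecord(key, leaf) {
		return fmt.Errorf("record %s is not signed by the zone key", leaf.Name)
	}
	return nil
}

// Demo builds a constructed scenario: root anchor -> "example." -> "www.example."
// and returns the validation result for three cases.
func Demo() (genuine, forgedKey, compromisedZone error) {
	root := NewZone(".")
	example := NewZone("example.")
	attacker := NewZone("example.") // attacker's own key; root never delegated to it

	dsHash := sha256.Sum256(example.Pub)
	chain := []Link{{ChildKey: example.Pub, DS: root.Sign("example.", dsHash[:])}}

	// 1. Genuine record from the real zone key: validates regardless of path.
	genuine = Validate(root.Pub, chain, example.Sign("www.example.", []byte("192.0.2.10")))

	// 2. Attacker substitutes a chain built on its own key: the DS it signs is
	//    not signed by root, so validation fails at the first link.
	atkHash := sha256.Sum256(attacker.Pub)
	forged := []Link{{ChildKey: attacker.Pub, DS: attacker.Sign("example.", atkHash[:])}}
	forgedKey = Validate(root.Pub, forged, attacker.Sign("www.example.", []byte("203.0.113.66")))

	// 3. Weakest link: if example.'s private key leaks, a false answer signed
	//    with it is indistinguishable from a genuine one.
	compromisedZone = Validate(root.Pub, chain, example.Sign("www.example.", []byte("203.0.113.66")))
	return
}

func main() {
	g, f, c := Demo()
	fmt.Println("genuine:", g)          // <nil>
	fmt.Println("attacker key:", f)     // error: DS not signed by parent
	fmt.Println("compromised zone:", c) // <nil>: the chain cannot detect this
}
```

The validator never needs to trust the resolver that handed it the records, which is the sense in which the chain is end-to-end; case 3 shows the other half of the argument, that a single compromised link anywhere on the path from the anchor is enough.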