Re: DNSSEC is NOT secure end to end

Phillip Hallam-Baker wrote:

> I was at a dinner with Dave Clarke last week. Those who invoke his
> name in these arguments rarely seem to have read his paper on the end
> to end principle IN NETWORKING.

Which paper are you saying is "his paper"? The original one or the
later one (published in 2001), which includes discussion of PKI and
which I referred to in previous mails?

As you say "IN NETWORKING", I'm afraid you haven't read his original
paper "END-TO-END ARGUMENTS IN SYSTEM DESIGN", which is on "system
design" in general and not necessarily "in networking". For example,
in the original paper, RISC (Reduced Instruction Set Computer) is
given as an example of end to end design.

> Depending on your level of abstraction you choose to work at you can
> argue that anything is an end.

Apparently, he taught you basic points in his original paper
but not beyond.

It is discussed in the original paper that:

	Identifying the ends
	Using the end-to-end argument sometimes requires subtlety
	of analysis of application requirements.
	one must use some care to identify the end points to which
	the argument should be applied.

Beyond the original paper, the application of the end to end
argument to PKI including DNSSEC is discussed in his later
paper in 2001 with PROPERLY IDENTIFIED "end points". In the
paper, certificate authorities are identified to be third
parties. 

With the discussion, there is no point denying "DNSSEC is NOT
secure end to end".

> It would be nice if the paper was available in unencumbered form.

Both of the papers are freely downloadable.

The original paper:

http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf

The paper in 2001:

http://www.csd.uoc.gr/~hy558/papers/Rethinking_2001.pdf

You should have read both of them to make the dinner more valuable.

> Publication in ACM does not help anything but the author's academic
> career.

I gave a link to the paper in 2001 through ACM because it has a DOI,
assuming that anyone can use search engines and that all the people
who talk about the end to end principle should have read the
original paper in advance.

						Masataka Ohta
