Re: DNSSEC is NOT secure end to end

I was at a dinner with Dave Clark last week. Those who invoke his
name in these arguments rarely seem to have read his paper on the end
to end principle IN NETWORKING.

The end to end security argument came earlier; it is referenced as an
antecedent to lend support to the then novel idea of applying it to a
network. And it is an argument about the best place to manage
complexity.

No internet security is end to end, no internet security protocol can
be end to end as the ends of the security relationship are PEOPLE and
ORGANIZATIONS.

Depending on the level of abstraction you choose to work at, you can
argue that anything is an end.


It would be nice if the paper was available in unencumbered form.
Publication in ACM does not help anything but the author's academic
career. There are real problems with DNSSEC, but not those that tend to
gain advancement there.


On Sat, May 30, 2009 at 7:27 PM, Masataka Ohta <mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Francis Dupont wrote:
>
>> => not only this is very arguable (for instance about the resource
>> exhaustion) but no hop-by-hop/channel security, even something as
>> strong as TSIG, can provide what we need, i.e., end-to-end/object
>> security (*).
>
> Unless your meaning of end-to-end differs from that of David Clark,
> the following argument of his paper is applicable to DNSSEC.
>
>        http://portal.acm.org/citation.cfm?doid=383034.383037
>        Rethinking the design of the Internet:
>        The end to end arguments vs. the brave new world
>
>        The certificate is an assertion by that (presumably
>        trustworthy) third party that the indicated public key
>        actually goes with the particular user.
>
>        These certificates are principal components of essentially
>        all public key schemes,
>
> That is, security of DNSSEC involves third parties and is not end
> to end.
>
>> PS (*): I use the common meaning of end-to-end, not Masataka Ohta's one.
>
> I'm afraid you don't know who David Clark is and how he is related
> to the end to end argument.
>
> However, all the people who are qualified to discuss end to end do
> know him and his argument.
>
>                                                        Masataka Ohta
>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
>



-- 
-- 
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf