David Wilson wrote:

>> According to the terminology of David Clark, PKI including DNSSEC
>> is not secure end to end.

> DNSSEC provides two things. Firstly, it provides the means to digitally
> sign RRsets. This provides data origin authentication and data
> integrity.

The provision is through hops of certificate authorities, which is what is
discussed in the later paper of David Clark published in 2001. Read it.

> As this operates at the DNS application layer, this is
> clearly "end to end" within David Clark's terminology. It does not rely
> on any security services in the lower communication layers (in the way
> that, for instance, relying on TCP would).

If you read the paper, you can find that the lower layer of PKI consists of
communication with or between certificate authorities. Compromising a
certificate authority in the lower communication layer breaks the security
of data origin authentication and data integrity.

> This origin authentication and integrity is precisely what is required
> to avoid the DNS cache poisoning which is the kind of vulnerability
> which prompted this discussion.

As has been discussed in the thread, DNSSEC is NOT a protection against
cache poisoning, because caches poisoned with forged certificates break
the security.

> This aspect of DNSSEC does not require the use of any PKI.

Read the 2001 paper on why PKI is not end to end and why DNSSEC is no
exception. The paper explains why scale breaks the end to end property.

> I get the impression from you that DNSSEC is to be disregarded because
> it is not "end to end". Being "end to end" has practical advantages.

See above on how useless DNSSEC is to avoid cache poisoning, which was the
motivation to deploy it.

Masataka Ohta

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
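The chain-of-trust argument in the message above (a resolver validating an RRset by walking from a root trust anchor through DS records in each parent zone, and a compromised intermediate hop defeating that validation) as a runnable model. This is example code added for this page, not code from the thread or from any DNSSEC implementation. It assumes textbook RSA over fixed Mersenne primes in place of a real DNSSEC algorithm, and a simplified record model with no wire format, key tags or signature validity periods; the zone names, keys and addresses are constructed.

```python
"""Toy DNSSEC chain of trust: trust anchor -> DS in parent -> DNSKEY -> RRSIG.
Constructed example; toy RSA with fixed Mersenne primes, NOT for real use."""
import hashlib

E = 65537


def make_key(p, q):
    """Textbook RSA key from two primes (p, q are assumed Mersenne primes)."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def pub(key):
    return {"n": key["n"], "e": key["e"]}


def _digest(data: bytes) -> int:
    # Truncated SHA-256 so the integer always fits under the smallest toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(key, data: bytes) -> int:
    return pow(_digest(data), key["d"], key["n"])


def verify(pubkey, data: bytes, sig) -> bool:
    return sig is not None and pow(sig, pubkey["e"], pubkey["n"]) == _digest(data)


def canon(owner, rtype, rdata) -> bytes:
    """Canonical form of an RRset (owner, type, sorted rdata) for signing."""
    return f"{owner}|{rtype}|{'|'.join(sorted(map(str, rdata)))}".encode()


def ds_digest(owner, pubkey) -> str:
    """DS rdata: a hash binding the child's owner name to its DNSKEY."""
    return hashlib.sha256(canon(owner, "DNSKEY", [pubkey["n"], pubkey["e"]])).hexdigest()


class Zone:
    """A signed zone: its key, its RRsets, and an RRSIG over each RRset."""

    def __init__(self, name, key):
        self.name, self.key, self.rrsets, self.rrsigs = name, key, {}, {}
        self.add("DNSKEY", [key["n"], key["e"]])           # self-signed DNSKEY RRset

    def add(self, rtype, rdata, owner=None):
        owner = owner or self.name
        self.rrsets[(owner, rtype)] = rdata
        self.rrsigs[(owner, rtype)] = sign(self.key, canon(owner, rtype, rdata))

    def pubkey(self):
        n, e = self.rrsets[(self.name, "DNSKEY")]
        return {"n": n, "e": e}


def validate(view, anchor, qname, qtype) -> bool:
    """Resolver-side validation over 'view' (the cache contents). Every hop must verify."""
    labels = qname.rstrip(".").split(".")
    chain = ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]
    chain = [z for z in chain if z in view]               # zone cuts present in the cache
    parent_key, parent_name = None, None
    for zname in chain:
        zone, zkey = view[zname], view[zname].pubkey()
        if parent_key is None:
            if zkey != anchor:                              # root key must be the trust anchor
                return False
        else:                                               # child key must be vouched for by parent DS
            ds = view[parent_name].rrsets.get((zname, "DS"))
            ds_sig = view[parent_name].rrsigs.get((zname, "DS"))
            if ds is None or not verify(parent_key, canon(zname, "DS", ds), ds_sig):
                return False
            if ds_digest(zname, zkey) not in ds:
                return False
        dnskey = zone.rrsets[(zname, "DNSKEY")]
        if not verify(zkey, canon(zname, "DNSKEY", dnskey), zone.rrsigs.get((zname, "DNSKEY"))):
            return False
        parent_key, parent_name = zkey, zname
    leaf = view[chain[-1]]
    rrset = leaf.rrsets.get((qname, qtype))
    return rrset is not None and verify(parent_key, canon(qname, qtype, rrset), leaf.rrsigs.get((qname, qtype)))


# Constructed keys: distinct Mersenne-prime pairs per zone; 65537 is coprime to each phi.
ROOT_KEY = make_key(2**521 - 1, 2**607 - 1)
EXAMPLE_KEY = make_key(2**127 - 1, 2**1279 - 1)
CHILD_KEY = make_key(2**89 - 1, 2**107 - 1)
ATTACKER_KEY = make_key(2**61 - 1, 2**2203 - 1)
ANCHOR = pub(ROOT_KEY)
QNAME, QTYPE, FORGED = "www.child.example.", "A", ["203.0.113.66"]


def build_chain():
    root, example, child = Zone(".", ROOT_KEY), Zone("example.", EXAMPLE_KEY), Zone("child.example.", CHILD_KEY)
    child.add("A", ["192.0.2.10"], owner=QNAME)
    example.add("DS", [ds_digest(child.name, child.pubkey())], owner=child.name)
    root.add("DS", [ds_digest(example.name, example.pubkey())], owner=example.name)
    return {z.name: z for z in (root, example, child)}


def honest():
    return validate(build_chain(), ANCHOR, QNAME, QTYPE)


def poisoned_leaf():
    """Forged A record injected into the cache; the attacker has no key to re-sign it."""
    view = build_chain()
    view["child.example."].rrsets[(QNAME, "A")] = FORGED
    return validate(view, ANCHOR, QNAME, QTYPE)


def poisoned_key_without_parent():
    """Forged DNSKEY, forged self-signed A, and a forged DS planted in the cached parent,
    but the parent's RRSIG over the DS cannot be produced without the parent's key."""
    view = build_chain()
    fake = Zone("child.example.", ATTACKER_KEY)
    fake.add("A", FORGED, owner=QNAME)
    view["child.example."] = fake
    view["example."].rrsets[(fake.name, "DS")] = [ds_digest(fake.name, fake.pubkey())]
    return validate(view, ANCHOR, QNAME, QTYPE)


def compromised_parent():
    """Attacker holds example.'s private key: the forged DS is properly signed, chain verifies."""
    view = build_chain()
    fake = Zone("child.example.", ATTACKER_KEY)
    fake.add("A", FORGED, owner=QNAME)
    view["child.example."] = fake
    view["example."].add("DS", [ds_digest(fake.name, fake.pubkey())], owner=fake.name)
    return validate(view, ANCHOR, QNAME, QTYPE)


if __name__ == "__main__":
    for f in (honest, poisoned_leaf, poisoned_key_without_parent, compromised_parent):
        print(f"{f.__name__}: {'ACCEPTED' if f() else 'rejected'}")
```

The four scenarios separate the two cases argued over in the thread: a cache poisoned with a forged record, or with a forged key plus an unsigned DS, fails validation at the hop where the forger lacks the signing key, while a forged chain signed with a compromised parent zone key is accepted, which is the "compromised hop" case the message refers to. A real validator also checks key tags, algorithm fields, signature inception and expiration, and NSEC/NSEC3 proofs; those are omitted here.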