Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 10:41 AM +1000 6/11/09, Mark Andrews wrote:
In message <p06240803c65430cf6e92@[10.10.10.117]>, Stephen Kent writes:
 Joe,

 You have argued that DNSSEC is not viable because it requires that
 everyone adopt IANA as the common root.

Which isn't even a requirement.  Alternate root providers just need
to get copy of the root zone with DS records and sign it with their
own DNSKEY records for the root.

ISP's that choose to use alternate roots might get complaints however
from their customers if they are validating the answers using the
trust-anchors provided by IANA.  This however should be seen as a
good thing as the ISP can no longer tamper with the DNS without
being detected.  If a ISP can convince all their customers that the
alternate roots are a good thing then this won't become a issue.

Fair point, although I think we all want to avoid the sort of Balkionization that this suggests.

Steve
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]