Noel Chiappa wrote: > >> What DNSsec will provide is ... data origin authentication and data > >> integrity protection. > ??? There is clearly something here I don't understand. No, you don't. > How does the UDP checksum plus a cookie (nonce) protect against > a MITM attack, > on the path from the server back to the querying entity? As DNSSEC is not protected from MitM attacks on zones on the path between client and server zones, how can you expect plain old DNS is better protected? Masataka Ohta _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf