On 24September2010Friday, at 17:16, John Levine wrote: >> Plan A: few consumers will use DNSSEC between their PCs and the ISP's >> resolver, so they won't notice. >> >> Plan B: consumers will observe that malicious impersonation of far away >> DNS servers is rare and exotic, but malware spam arrives hourly, so they >> will make a rational tradeoff, take their ISP's advice, and turn off >> DNSSEC. > > Something else occurs to me: > > Plan C: Sophisticated ISPs might configure their own DNSSEC key into > customer resolvers, and sign replacement records with that. > > The threat model for DNSSEC has always been, approximately, that the > authoritative server at the far end is friendly, and the middleboxes > are hostile. But we have real situtations where the opposite is true, > quite possibly more often than the other way around. presuming your statement about an inversion of the stated trust model is correct, can we dereference "friendly" and "hostile" to whom? Who makes that assessment and who/what defines the tools to implement a trust policy? --bill > > If we want people deploying DNSSEC widely, we need to make sure it > handles the actual threats they face. > > R's, > John > > PS: If I plug my random Windows PC or Mac into a cable modem, and I tell > it to use DNSSEC, where does it get the top level validation keys? > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf