Ted Lemon wrote:

> This isn't _quite_ true. DNSSEC supports trust anchors at
> any point in the hierarchy, and indeed I think the right
> model for DNSSEC is that you would install trust anchors
> for things you really care about, and manage them in the
> same way that you manage your root trust anchor. E.g.,
> you'd install a trust anchor for your employer, and your
> bank, and maybe your local town government. This is
> all future UI work, of course.

Operationally, that's not practical. Users can't manage their
trust anchors securely.

> Furthermore, if the root key is compromised and that is then
> used to substitute a bogus key, it isn't that hard to notice
> that this has happened, and indeed we ought to be
> systematically noticing these things. So hacking the root
> key is certainly a valid threat, but there is a great deal
> more transparency in the DNSSEC system than in the TLS PKI,
> and that should mean that the system is more robust in the
> face of this kind of attack.

According to your theory, we don't need DNSSEC, because
cache poisoning attacks on plain DNS are easily detectable.

Masataka Ohta