Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: John C Klensin <john-ietf@xxxxxxx>
Subject: Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)
From: Nico Williams <nico@xxxxxxxxxxxxxxxx>
Date: Mon, 11 Aug 2014 01:20:33 -0500
Archived-at: http://mailarchive.ietf.org/arch/msg/ietf/w6NpDTNerc6Ek35yg-xOros-x9I
Cc: David Crocker <dcrocker@xxxxxxxx>, ietf@xxxxxxxx, saag@xxxxxxxx
Delivered-to: ietf@xxxxxxxxxxxxxx
In-reply-to: <20140811061623.GA21783@localhost>
User-agent: Mutt/1.5.21 (2010-09-15)

On Mon, Aug 11, 2014 at 01:16:26AM -0500, Nico Williams wrote:
>  - DNSSEC does not provide confidentiality of protection for lookups and
>    answers (while PKIX has no real directory service to speak of).

Arg, protection of confidentiality.

DNSSEC does provide integrity proection.  Which is to say:
authentication of data and its origin (assuming honest and secure
registrars, just like one has to assume honest and secure CAs in the
PKIX model).

Nico
--

References:
- Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC
  - From: Nico Williams
- Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC
  - From: Dave Crocker
- Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC
  - From: Viktor Dukhovni
- Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC
  - From: Dave Crocker
- Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC
  - From: Patrik Fältström
- Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC
  - From: John C Klensin
- What does DNSSec protect? (Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)
  - From: Dave Crocker
- Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)
  - From: Steve Crocker
- Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)
  - From: John C Klensin
- Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)
  - From: Nico Williams

[Index of Archives] [IETF Annoucements] [IETF] [IP Storage] [Yosemite News] [Linux SCTP] [Linux Newbies] [Fedora Users]