In message
<4A25B8EF(_dot_)70203(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp>,
Masataka Ohta writes:
Thierry Moreau wrote:
(That is: You already trust the zones above you to maintain the
integrity of the zone on the *server*;
This assumption does not stand universally. For some DNS users/usage,
DNSSEC signature verification will be a must. The discussion implicitly
referred to such uses.
A problem of blindly believing a zone administration is that it is
only as secure as blindly believing an ISP administration.
Attacking a router of a large ISPs is as easy/difficult as attacking
a signature generation mechanism of a large zone.
The difference is we *have* to trust the zone administration.
There is no scalable way to avoid that trust issue.
We don't have to trust the router adminstration or caching
server administration or authoritative server adminstration.
Moreover, administration of LAN of a local organization (my universty,
for example) is as secure as administration of a zone local to the organizati
on.
I've been on plenty of LAN's which I would treat as "hostile".
You can, for example, bribe a personnel or two, against which there
is no cryptographical protection, which means PKI is weakly secure.
Which is not a arguement for not doing DNSSEC. Knowing
where the risks are is how you do risk management. If you
arn't willing to accept some risks then don't connect to the
net.
Masataka Ohta
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf