Re: DNSSEC is NOT secure end to end

ietf

Re: DNSSEC is NOT secure end to end

2009-06-05 12:08:10

Ohta-san,

On Fri, 2009-06-05 at 22:15 +0900, Masataka Ohta wrote:

I think we all understand that it is possible to inject bad data into
the DNS at the parent.


What do you mean "the parent"?

Do you mean master zone file of the parent or some caching server
expected by a client to have parent data?


I "the parent" in the same sense as in RFC 1034 - the delegating level.
So, for EXAMPLE.COM this would be COM.

What I do not understand about this comment is how transport security
can help in that case. Can you please explain?


Explanation depends on your definition of "the parent".


--
Shane

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DNSSEC is NOT secure end to end (more tutorial than debating), (continued) Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta Re: DNSSEC is NOT secure end to end (more tutorial than debating), Andrew Sullivan Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta DNSSEC was never designed for transport end to end security, Bill Manning DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Shane Kerr Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Shane Kerr <= Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Shane Kerr Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: [Asrg] DNSSEC is NOT secure end to end, Paul Wouters Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Bill Manning Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Marc Manthey Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Andrew Sullivan

Previous by Date:	Re: DNSSEC is NOT secure end to end, Shane Kerr
Next by Date:	Re: Last Call: draft-solinas-suiteb-cert-profile (Suite B Certificate and Certificate Revocation List (CRL) Profile) to Informational RFC, Sean Turner
Previous by Thread:	Re: DNSSEC is NOT secure end to end, Masataka Ohta
Next by Thread:	Re: DNSSEC is NOT secure end to end, Masataka Ohta
Indexes:	[Date] [Thread] [Top] [All Lists]