ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end

2009-06-11 10:17:52
from [Stephen Kent] [Permanent Link] 
At 10:41 AM +1000 6/11/09, Mark Andrews wrote:

In message <p06240803c65430cf6e92(_at_)[10(_dot_)10(_dot_)10(_dot_)117]>, 
Stephen Kent writes:

 Joe,

 You have argued that DNSSEC is not viable because it requires that
 everyone adopt IANA as the common root.


Which isn't even a requirement.  Alternate root providers just need
to get copy of the root zone with DS records and sign it with their
own DNSKEY records for the root.

ISP's that choose to use alternate roots might get complaints however
from their customers if they are validating the answers using the
trust-anchors provided by IANA.  This however should be seen as a
good thing as the ISP can no longer tamper with the DNS without
being detected.  If a ISP can convince all their customers that the
alternate roots are a good thing then this won't become a issue.
Fair point, although I think we all want to avoid the sort of Balkionization that this suggests. 

Steve
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: opsdir review of draft-green-secsh-ecc-08, David Harrington
Next by Date:  Re: Publicizing IETF nominee lists [Fwd: Last Call: draft-dawkins-nomcom-openlist (Nominating Committee Process: Open Disclosure of Willing Nominees) to BCP], Dave Cridland
Previous by Thread:  Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Mark Andrews
Next by Thread:  Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]