Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end

2009-06-12 08:20:58
Phillip Hallam-Baker wrote:

Trust roots have to be valid for at least a decade to be acceptable to
the application vendor community.

That's an unproved assumption.

It is an observation backed by fifteen years of experience and direct
conversations with the principals for cryptographic security at the
major platform vendors.

PKI, including DNSSEC, is NOT secure cryptographically, but secure
socially or, in other words, weakly secure, subject to social and
other forms of attacks.

PKI, however, is not so insecure, in a sense that plain old DNS
(specified in 1987) is not so insecure and has been valid for
more than a decade to be acceptable to the application vendor
community.

That is the observed fact.

If the broken security model of bailiwick is thrown away,
plain old DNS is made secure enough.

Moreover, plain old DNS is a lot easier to manage than PKI.

                                                Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
