Noel Chiappa wrote:
>> What DNSsec will provide is ... data origin authentication and data
>> integrity protection.
> ??? There is clearly something here I don't understand.
No, you don't.
> How does the UDP checksum plus a cookie (nonce) protect against
> a MITM attack, on the path from the server back to the querying entity?
As DNSSEC is not protected from MitM attacks on zones on the path
between client and server zones, how can you expect plain old DNS
to be better protected?
Ietf mailing list