ietf-asrg

Re: DNSSEC is NOT secure end to end

2009-06-08 01:23:56
Phillip Hallam-Baker wrote:

> I was at a dinner with Dave Clarke last week. Those who invoke his
> name in these arguments rarely seem to have read his paper on the end
> to end principle IN NETWORKING.

Which paper are you saying is "his paper"? The original one or the
later one (published in 2001), which includes discussion of PKI and
which I referred to in previous mails?

As you say "IN NETWORKING", I'm afraid you haven't read his original
paper "END-TO-END ARGUMENTS IN SYSTEM DESIGN", which is on "system
design" in general and not necessarily "in networking". For example,
in the original paper, RISC (Reduced Instruction Set Computer) is
given as an example of end to end design.

> Depending on the level of abstraction you choose to work at, you can
> argue that anything is an end.

Apparently, he taught you basic points in his original paper
but not beyond.

It is discussed in the original paper that:

        Identifying the ends
        Using the end-to-end argument sometimes requires subtlety
        of analysis of application requirements.
        one must use some care to identify the end points to which
        the argument should be applied.

Beyond the original paper, the application of the end to end
argument to PKI, including DNSSEC, is discussed in his later
paper in 2001 with PROPERLY IDENTIFIED "end points". In the
paper, certificate authorities are identified as third
parties.

With the discussion, there is no point denying "DNSSEC is NOT
secure end to end".

> It would be nice if the paper was available in unencumbered form.

Both of the papers are freely downloadable.

The original paper:

http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf

The paper in 2001:

http://www.csd.uoc.gr/~hy558/papers/Rethinking_2001.pdf

You should have read both of them to make the dinner more valuable.

> Publication in ACM does not help anything but the author's academic
> career.

I gave a link to the paper in 2001 through ACM because it has a DOI,
assuming that anyone can use search engines and that all the people
who talk about the end to end principle should have read the
original paper in advance.

                                                Masataka Ohta
