Re: [Asrg] DNSSEC is NOT secure end to end

ietf-asrg

Re: [Asrg] DNSSEC is NOT secure end to end

2009-06-09 20:19:48

David Wilson wrote:

As has been discussed in the thread, DNSSEC is NOT a protection
against cache poisoning, because caches poisoned with forged
certificate breaks the security.

I think you need to explain how this happens in detail.


In detail??? See below.

With DNSSEC, a security aware resolver will want to check the signature.


Except for glue A.

                                                        Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DNSSEC is NOT secure end to end, (continued) Re: DNSSEC is NOT secure end to end, Bill Manning Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Doug Otis Re: [Asrg] DNSSEC is NOT secure end to end, David Wilson Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta Re: [Asrg] DNSSEC is NOT secure end to end, David Wilson Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta Re: [Asrg] DNSSEC is NOT secure end to end, David Wilson Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta Re: [Asrg] DNSSEC is NOT secure end to end, David Wilson Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta <= Re: [Asrg] DNSSEC is NOT secure end to end, Andrew Sullivan Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta Re: [Asrg] DNSSEC is NOT secure end to end, der Mouse

Previous by Date:	Re: [Asrg] DNSSEC is NOT secure end to end, David Wilson
Next by Date:	Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta
Previous by Thread:	Re: [Asrg] DNSSEC is NOT secure end to end, David Wilson
Next by Thread:	Re: [Asrg] DNSSEC is NOT secure end to end, Andrew Sullivan
Indexes:	[Date] [Thread] [Top] [All Lists]