Re: [Asrg] DNSSEC is NOT secure end to end2009-06-09 20:19:48David Wilson wrote: As has been discussed in the thread, DNSSEC is NOT a protection against cache poisoning, because caches poisoned with forged certificate breaks the security. I think you need to explain how this happens in detail. In detail??? See below. With DNSSEC, a security aware resolver will want to check the signature. Except for glue A. Masataka Ohta _______________________________________________ Ietf mailing list Ietf(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/ietf
|
|