Re: DNS over SCTP

Paul Wouters wrote:

DNSSEC involves no certificates and no certificate authorities. You know
this.


As is documented in the paper of David Clark;

   http://portal.acm.org/citation.cfm?doid=383034.383037
   These certificates are principal components of essentially all
   public key schemes, except those that are so small in scale that
   the users can communicate their public keys to each other one to
   one, in an ad hoc way that is mutually trustworthy.

certificates are principal components of DNSSEC, a large scale
public key scheme.

Not calling intermediate certificates between zones certificates
does not change the reality that DNSSEC involves certificates.

Though there seems to be some confusion that DNSSEC security were
end to end

It is.


See the paper above to see why DNSSEC is NOT end to end.

Of cource, you may argue against David Clark, but, do so with
reasons.

                                                Masataka Ohta


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DNS over SCTP, (continued) Re: DNS over SCTP, Paul Wouters Re: DNS over SCTP, David Conrad Re: DNS over SCTP, Alessandro Vesely Re: DNS over SCTP, Paul Wouters Re: DNS over SCTP, Alessandro Vesely Re: DNS over SCTP, David Conrad Re: DNS over SCTP, Douglas Otis Re: DNS over SCTP, David Conrad Re: DNS over SCTP, Masataka Ohta Re: DNS over SCTP, Paul Wouters Re: DNS over SCTP, Masataka Ohta <= Re: DNS over SCTP, Mark Andrews DNSSEC is NOT secure end to end, Masataka Ohta Re: DNS over SCTP, Alessandro Vesely Re: DNS over SCTP, Michael Tüxen Re: DNS over SCTP, Francis Dupont Re: DNS over SCTP, Douglas Otis Re: DNS over SCTP, Francis Dupont Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Francis Dupont Message not available DNSSEC is NOT secure end to end, Joe Baptista