ietf
[Top] [All Lists]

Re: DNS over SCTP

2009-05-29 20:24:36
Dean Anderson wrote:

The dispute on 'certificate' is over the definition of what
'certificate' means.

As I used the word 'certificate' with a reference, there is no
point to argue against me with terminology different from the
refereed paper.

Anyway, the definition of 'certificate' does not affect the
applicability of the paper to DNSSEC.

That is, DNSSEC is NOT secure end to end.

Security of DNSSEC depends on security of a chain of zones,
which are intelligent intermediate entities. If a zone in the
chain is compromised, DNSSEC is compromised, which is no
different from compromising cache in a chain of caching
servers/resolvers.

                                                Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>