I guess what Masataka was referring to is a different source of
variance, i.e. an impersonation of JPNIC's authority over its domain of
control (using a compromised JPNIC's private key).
This is still just an extension of the trust you already have in your
parent domains. You already have to trust that a parent domain's
servers aren't going to be subverted and used to provide false answers.
And since the most likely way for a DNSSEC key to get compromised is
for it to be stolen (rather than cracked via the public key or
signatures), these two levels of trust turn out to be the same.
(In fact, a wily attacker would just use his access to the zone to make
his changes, rather than having to spoof every client / resolver / cache
individually.)
There really is very little new here, in terms of the trust that's being
placed in zone maintainers. It's just that DNSSEC now allows you to
have the maintainers (which you already trust, see above) protect the
integrity of records they send to you as they go across the wire.
(That is: You already trust the zones above you to maintain the
integrity of the zone on the *server*; DNSSEC just extends that
protection on the *wire*.)
--Richard
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf