Re: DNSSEC is NOT secure end to end (more tutorial than debating)

ietf

Re: DNSSEC is NOT secure end to end (more tutorial than debating)

2009-06-02 21:00:33

On Wed, 3 Jun 2009, Mark Andrews wrote:

You can, for example, bribe a personnel or two, against which there
is no cryptographical protection, which means PKI is weakly secure.


You have never heard of a Hardware Security Module?


        HSM doesn't stop the wrong data being signed.  It just stops
        it being signed on machines other that the designated servers.


The context was the "false security" of DNSSEC and the "third party  trust".
Obviously changing the raw dns data is possible both with and without DNSSEC.

Paul
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DNSSEC is NOT secure end to end, (continued) Re: DNSSEC is NOT secure end to end, Masataka Ohta RE: DNSSEC is NOT secure end to end, Paul Wouters Re: [Asrg] DNSSEC is NOT secure end to end, Doug Otis Re: DNSSEC is NOT secure end to end, Richard Barnes Re: DNSSEC is NOT secure end to end (more tutorial than debating), Thierry Moreau Re: DNSSEC is NOT secure end to end (more tutorial than debating), Richard Barnes Re: DNSSEC is NOT secure end to end (more tutorial than debating), Thierry Moreau Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta Re: DNSSEC is NOT secure end to end (more tutorial than debating), Paul Wouters Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews Re: DNSSEC is NOT secure end to end (more tutorial than debating), Paul Wouters <= Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews Re: DNSSEC is NOT secure end to end (more tutorial than debating), Michael StJohns Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta Re: DNSSEC is NOT secure end to end (more tutorial than debating), Andrew Sullivan Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta DNSSEC was never designed for transport end to end security, Bill Manning DNSSEC is NOT secure end to end, Masataka Ohta

Previous by Date:	Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews
Next by Date:	Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews
Previous by Thread:	Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews
Next by Thread:	Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews
Indexes:	[Date] [Thread] [Top] [All Lists]