In message
<alpine(_dot_)LFD(_dot_)1(_dot_)10(_dot_)0906022057560(_dot_)22834(_at_)newtla(_dot_)xelerance(_dot_)com>,
Paul Wou
ters writes:
On Wed, 3 Jun 2009, Mark Andrews wrote:
You can, for example, bribe a personnel or two, against which there
is no cryptographical protection, which means PKI is weakly secure.
You have never heard of a Hardware Security Module?
HSM doesn't stop the wrong data being signed. It just stops
it being signed on machines other that the designated servers.
The context was the "false security" of DNSSEC and the "third party trust".
Obviously changing the raw dns data is possible both with and without DNSSEC.
Paul
If you are "bribing personel" you need to assume they can
do anything the orginisation they work for can do. HSM's
don't help in this case. HSM's have their place but you
need to understand the limitations of the devices. HSM's
are better than just having the private component of a
public key sitting on a disk somewhere but in most operational
enviornments they don't add that much more security to the
process.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf