Re: [Asrg] DNSSEC is NOT secure end to end

2009-06-03 23:36:01
Bill Manning wrote:

      i think the distinction here might be characterised by 
      the use of terms:

      -channel security

Don't try to confuse the terminology.

With the terminology of "channel", the paper addresses the issue
that security by channels between zones or zone administrators
depends on security of intermediate zones and is not end to end.

      -data integrity

Data integrity is maintained through the channels between zones
hop by hop.

      DNSSEC - the signing of the data, provides a means to ensure the
      accuracy and integrity of the data, the payload.

The problem is that the accuracy and integrity of DNSSEC is not
cryptographically but socially secure.

So is plain old DNS.

So, there is no point to deploy DNSSEC.

                                                        Masataka Ohta


_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg