Bill Manning wrote:
> i think the distinction here might be characterised by
> the use of terms:
> -channel security

Don't try to confuse the terminology.
With the terminology of "channel", the paper addresses the issue
that security by channels between zones or zone administrators
depends on security of intermediate zones and is not end to end.

> -data integrity

Data integrity is maintained through the channels between zones
hop by hop.

> DNSSEC - the signing of the data, provides a means to ensure the
> accuracy and integrity of the data, the payload.

The problem is that the accuracy and integrity of DNSSEC is not
cryptographically but socially secure.
So is plain old DNS.
So, there is no point to deploy DNSSEC.
Masataka Ohta
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg