Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end

ietf

Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end

2009-06-13 05:26:37

Phillip Hallam-Baker wrote:

Past history is a very bad guarantee that problems will not arise in the 
future.


So, you mean your statement:

: Trust roots have to be valid for at least a decade to be acceptable to
: the application vendor community.

hardly guarantee anything.

Be liberal in anticipating repeat of past problems,


Indeed.

Unnoticeable cache poisoning by glues is repeated even with
bailiwick and once again with DNSSEC.

be conservative in
your expectation that new problems will not arise.


The protection is to make protocols as simple as possible.

The following paper discusses about it to some extent.

http://ftp.csci.csusb.edu/ykarant/courses/f2007/csci530/papers/counterpane-ipsec.pdf

                                                Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, (continued) Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Mark Andrews Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Mark Andrews Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Masataka Ohta <= Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Stephen Kent Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, David Conrad Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Stephen Kent Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Florian Weimer Message not available Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Florian Weimer

Previous by Date:	Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Masataka Ohta
Next by Date:	Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Florian Weimer
Previous by Thread:	Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker
Next by Thread:	Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end, Phillip Hallam-Baker
Indexes:	[Date] [Thread] [Top] [All Lists]