ietf
[Top] [All Lists]

Re: Let's move on - Let's DNSCurve Re: DNSSEC is NOT secure end to end

2009-06-15 20:13:11
Past history is a good indicator of problems that may arise.

Past history is a very bad guarantee that problems will not arise in the future.




On Fri, Jun 12, 2009 at 7:54 PM, Masataka
Ohta<mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp> wrote:
Phillip Hallam-Baker wrote:

Past history is no guarantee of future performance.

Is your argument applicable to the following statement you just made
yesterday?

: Trust roots have to be valid for at least a decade to be acceptable to
: the application vendor community.

A pattern we see repeated over and over again is that a new control on
some form of Internet crime leads to a dramatic short term reduction
even though the control merely increases the cost of crime, not
eliminates the capability. This is the displacement effect. The
criminals attack weaker targets instead. Once the criminals have
exhausted the supply of easy targets the original targets see a sudden
increase in the crime rate, often orders of magnitude in a few days.

Note that, given dynamically generated zones, signature generation
mechanisms of DNSSEC is rather weaker targets.

                                                       Masataka Ohta





-- 
-- 
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>