On 27September2010Monday, at 7:48, Tony Finch wrote:
On Fri, 24 Sep 2010, Phillip Hallam-Baker wrote:
DNSSEC is a mechanism for establishing inter-domain trust. It is not an
appropriate technology for intra-domain trust.
Why not?
Because the "atomic" unit of DNSSEC is a domain/zone/delegation, not a
specific RRset.
Everything in a domain has the exact same threat model.
--bill
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf