
Re: [DNSOP] Practical issues deploying DNSSEC into the home.

2013-09-12 01:05:47
Phillip Hallam-Baker wrote:

3) A relying party thus requires a demonstration that is secure against a
replay attack from one or more trusted parties to be assured that the time
assertion presented is current but this need not necessarily be the same as
the source of the signed time assertion itself.

The real design decision is who you decide you are going to rely on for
(3). TLS is proof against replay attack due to the exchange of nonces.

How can you get secure time to securely confirm that a certificate
of TLS has not expired?

Use yet another PKI?

                                                Masataka Ohta
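An added sketch, not part of either message, of the arrangement in point (3): a time source issues an authenticated time assertion, and a separate trusted witness binds the relying party's nonce to it so that an old assertion cannot be replayed as current. HMAC stands in for signatures, and the keys, names and skew limit are assumptions made for the example; how such keys reach the relying party in the first place is the open question raised in the reply.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo keys (assumption): stand-ins for trust anchors provisioned out of band.
SOURCE_KEY = b"constructed-time-source-key"
WITNESS_KEY = b"constructed-freshness-witness-key"
MAX_SKEW = 5  # seconds the witness tolerates between its own clock and the assertion

def new_nonce():
    """Relying party: fresh 16-byte challenge for each query."""
    return os.urandom(16)

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def source_assert_time(now):
    """Time source: authenticated 'the time is now'. Replayable on its own."""
    body = struct.pack(">Q", now)  # fixed 8-byte field, so concatenation is unambiguous
    return body, _mac(SOURCE_KEY, body)

def witness_attest(nonce, body, source_tag, witness_clock):
    """Freshness witness: bind the caller's nonce to an assertion it judges current."""
    if not hmac.compare_digest(_mac(SOURCE_KEY, body), source_tag):
        return None  # not from the time source
    (asserted,) = struct.unpack(">Q", body)
    if abs(witness_clock - asserted) > MAX_SKEW:
        return None  # stale assertion: refuse to vouch for it
    return _mac(WITNESS_KEY, nonce + body)

def relying_party_accept(nonce, body, source_tag, witness_tag):
    """Return the attested time, or None if authenticity or freshness fails."""
    if witness_tag is None:
        return None
    if not hmac.compare_digest(_mac(SOURCE_KEY, body), source_tag):
        return None
    if not hmac.compare_digest(_mac(WITNESS_KEY, nonce + body), witness_tag):
        return None  # attestation was made for a different nonce: replay
    return struct.unpack(">Q", body)[0]

def cert_not_expired(not_after, attested_time):
    """Expiry check that fails closed when no fresh time was obtained."""
    return attested_time is not None and attested_time <= not_after
```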
