ietf
[Top] [All Lists]

Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)

2014-08-11 01:20:54
On Mon, Aug 11, 2014 at 01:16:26AM -0500, Nico Williams wrote:
 - DNSSEC does not provide confidentiality of protection for lookups and
   answers (while PKIX has no real directory service to speak of).

Arg, protection of confidentiality.

DNSSEC does provide integrity proection.  Which is to say:
authentication of data and its origin (assuming honest and secure
registrars, just like one has to assume honest and secure CAs in the
PKIX model).

Nico
-- 

<Prev in Thread] Current Thread [Next in Thread>