Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)
2014-08-11 05:51:32On 10 Aug 2014, at 19:35, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
From those perspectives, a registrar or registry who might collude with a criminal registrant to create deliberately deceptive names and associated registration data (or whose procedures allow similar results without explicit collusion) is fully as much part of the threat model as a CA that issues certificates without any attempt to verify the identity of the entity being certified or who colludes in deliberately hiding or distorting the information.As far as I can tell, we don't have a good word to describe what DNSSEC does.
Roy Arends used to call it “expensive error checking”. The only word left to argue about would be “expensive” as that is relative to the value of that being checked. Joao
signature.asc
Description: Message signed with OpenPGP using GPGMail
| Previous by Date: | RE: IETF-91 Question - Hilton Hawaiian village construction and resort fee, Christer Holmberg |
|---|---|
| Next by Date: | Re: IETF-91 Question - Hilton Hawaiian village construction and resort fee, Thomas D. Nadeau |
| Previous by Thread: | Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC), Andrew Sullivan |
| Next by Thread: | Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC), Henry B Hotz |
| Indexes: | [Date] [Thread] [Top] [All Lists] |