>You assume the new .net key (and what's signed with it) would be
>supplied to all users of the DNS, rather than used for a targeted
>attack on one user (or a small number of users). Why assume the
>potential adversary will restrict himself to the dumbest possible way
>to use the new tools you're about to hand him?

I dunno about you, but if some part of the Federal government wanted
to mess with a particular target, it's much more likely they would
arrange for some large NSPs to do some adjusted BGP. Or even more likely
some guys in suits would show up at Verisign and say, "We're from
[redacted] and we would appreciate it if you arranged for requests for
[redacted].net from network [redacted]/15 to resolve to [redacted] for
the next couple of weeks."

Personally, I like Paul's theory about the DHS dork with a press
release. He doesn't understand zones or delegation or the root
servers or routing or anything else, but the signing key will let them
Take Control of this Vital Resource in case of National Emergency.
You know, like they did in New Orleans.

Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"More Wiener schnitzel, please", said Tom, revealingly.