Mark;
> And what does this have to do with DNSSEC?
The theory explains the reality that public key cryptography
(including DNSSEC) is not used for serious purposes.
The theory can be used to explain some (or most or all) of
operational difficulty of DNSSEC deployment.
> DNSSEC is designed to allow you to verify that the data you
> receive from the DNS is that which was entered. That your
> transactions havn't been spoofed.
Such security is not useful for serious purposes, when no one is
really responsible if your transactions are spoofed.
So,
> > We can live with the weak security, security level of which is,
> > with proper 3 way handshaking with cookies, equivalent to that
> > of the telephone network.
Just as you can rely on people operating name servers, you
can rely on people operating routers.
Masataka Ohta
