Jim Reid wrote:
> The Bad Guy won't have the private keys,

Wrong.
While the Bad Guy as an ISP administrator won't have the private
keys, the Bad Guy as a zone administrator will have the private
keys.
That is, DNSSEC is not secure cryptographically, which is another
reason why not to deploy DNSSEC.
Masataka Ohta
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop
