On Mon, 11 Apr 2022, Masataka Ohta wrote:
> I can't see any reason why you think the root zone is more secure than TLDs, especially because, as I wrote:
Because I am informed about their operational procedures and I contributed to the technical design as one of the for the DNS Root Zone Key-Signing-Key of the Root Zone Rollover advisory group. I was also responsible for the design and implementation of a large TLD fully implementation redundant DNSSEC signer solution. I talked to a lot of TLD operators at ICANN during my term as the IETF Liaison to the ICANN Technical Expert Group.
> : Third, all the CAs, including TLDs, pursuing commercial
> : success have very good appearance using such words as
> : "HSMs" or "four eyes minimum". That is, you can't
> : compare actual operational/physical strength from
> : their formal documents.
This is an anecdote, that a logical reasoned argument.
> : A false sense of security that DNSSEC were
> : cryptographically secure
This remains factually incorrect, no matter how many times you quote yourself.
> : motivates the operators
> : ignore DNSSEC operation rules, which are very
> : complicated and hard to follow, for relatively
> : strong physical security, which might be what
> : happened in diginotar.
This is hearsay combined with personal opinion that is unsubstantiated by facts.

As for your other mail to list, it seems we do not in fact have an ongoing discussion. You keep repeating and quoting yourself as evidence while people keep telling you they disagree with your quotes. But to make it abundantly clear this is not a discussion, I shall refrain from further messages so you cannot miscategorize my correspondence as a "discussion of peers".

Paul

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
