In message <[email protected]>, Masataka Ohta writes:
> Thierry Moreau wrote:
>
> >> (That is: You already trust the zones above you to maintain the
> >> integrity of the zone on the *server*;
>
> > This assumption does not stand universally. For some DNS users/usage,
> > DNSSEC signature verification will be a must. The discussion implicitly
> > referred to such uses.
>
> A problem of blindly believing a zone administration is that it is
> only as secure as blindly believing an ISP administration.
>
> Attacking a router of a large ISPs is as easy/difficult as attacking
> a signature generation mechanism of a large zone.
The difference is we *have* to trust the zone administration.
There is no scalable way to avoid that trust issue.
We don't have to trust the router adminstration or caching
server administration or authoritative server adminstration.
> Moreover, administration of LAN of a local organization (my universty,
> for example) is as secure as administration of a zone local to the organizati
> on.
I've been on plenty of LAN's which I would treat as "hostile".
> You can, for example, bribe a personnel or two, against which there
> is no cryptographical protection, which means PKI is weakly secure.
Which is not a arguement for not doing DNSSEC. Knowing
where the risks are is how you do risk management. If you
arn't willing to accept some risks then don't connect to the
net.
> Masataka Ohta
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
