Re: DNSSEC is NOT secure end to end (more tutorial than debating)

Mark Andrews Tue, 02 Jun 2009 17:55:31 -0700

In message <alpine.lfd.1.10.0906022034140.22...@newtla.xelerance.com>, Paul Wou
ters writes:
> On Wed, 3 Jun 2009, Masataka Ohta wrote:
> 
> > You can, for example, bribe a personnel or two, against which there
> > is no cryptographical protection, which means PKI is weakly secure.
> 
> You have never heard of a Hardware Security Module?
 
        HSM doesn't stop the wrong data being signed.  It just stops
        it being signed on machines other that the designated servers.


        Mark

> Paul
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Re: DNSSEC is NOT secure end to end (more tutorial than debating)

Reply via email to