* Nicholas Weaver [2013-12-02 17:56]: > Actually spoofing DNSSEC replies even with knowledge of the root key is going > to be difficult...
If we assume the attacker can get the private root KSK from an US-based corp, then we should also assume they can get the private root ZSK from another US-based corp. As the owner of the root ZSK also owns the keys for .com, the attack becomes much easier. Regards, Matt -- Universität Duisburg-Essen Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
