To: Mark.Andrews@isc.org
CC: namedroppers@ops.ietf.org, dnsop@cafax.se, dnssec@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Tue, 16 Jul 2002 14:04:32 +0859 ()
In-Reply-To: <200207160329.g6G3TcJe072732@drugs.dv.isc.org> from "Mark.Andrews@isc.org" at "Jul 16, 2002 01:29:38 pm"
Sender: owner-dnsop@cafax.se
Subject: Re: dnssec discussion today at noon

Mark;

> 	And what does this have to do with DNSSEC?

The theory explains the reality that public key cryptography
(including DNSSEC) is not used for serious purposes.

The theory can be used to explain some (or most or all) of
the operational difficulty of DNSSEC deployment.

> 	DNSSEC is designed to allow you to verify that the data you
> 	receive from the DNS is that which was entered.  That your
> 	transactions haven't been spoofed.

Such security is not useful for serious purposes, when no one is
really responsible if your transactions are spoofed.

So,

> > We can live with the weak security, security level of which is,
> > with proper 3 way handshaking with cookies, equivalent to that
> > of the telephone network.

Just as you can rely on people operating name servers, you
can rely on people operating routers.

							Masataka Ohta
