To: Brad Knowles <brad.knowles@skynet.be>
CC: Mark.Andrews@isc.org, namedroppers@ops.ietf.org, dnsop@cafax.se, dnssec@cafax.se
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Sun, 21 Jul 2002 05:05:41 +0859 ()
In-Reply-To: <a05111b00b95b44490c65@[10.0.1.60]> from Brad Knowles at "Jul 17,2002 07:53:39 pm"
Sender: owner-dnsop@cafax.se
Subject: Re: dnssec discussion today at noon

Brad;

> >  Shared key cryptography can be a protection from the MITM attack.
> 
> 	They are subject to replay attacks.

PAP is, CHAP is not.

> 	If you're talking about cryptography or computer security and you 
> don't know who Schneier is, then you don't know anything useful about 
> cryptography or computer security.

See above.

> 	There is nothing in the field of cryptography that can begin to 
> compare with a properly implemented one-time pad.  This is a known 
> fact.

:-)

You should really read textbooks.

In addition, you should know that cache poisoning of DNS is
prevented simply by having a separate cache for each referral
point, which has nothing to do with cryptography but can be
understood with basic knowledge of computer security.

> >  Even if you can, have you ever checked the standard contract of CAs? How
> >  much is the upper limit of compensation for a failed transaction?
> 
> 	Who needs civil law?  Go after them as they did with Eugene 
> Kashpureff, and put the sucker in jail!

It is clearly stated in their contract that operators of CAs won't
compensate much.

It is obvious that people here who operate root and tld servers
won't compensate much.

We cannot be responsible for the stupidity of someone who uses
DNSSEC to secure billion dollar transactions.

Civil laws will treat those who think they secured billion
dollar transactions, simply because they pay $100,
accordingly.

							Masataka Ohta
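
The PAP/CHAP replay point in the message above, as an added example that is not part of the original post: a captured PAP credential verifies again on replay, while a captured CHAP response fails against a fresh challenge. The shared secret, class and function names are constructed for illustration; the response computation follows the MD5 form in RFC 1994.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-shared-secret"  # constructed sample value, not from the post


def pap_verify(password: bytes) -> bool:
    """PAP: the peer sends the password itself, so the same bytes always verify."""
    return hmac.compare_digest(password, SECRET)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): hash of identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Issues a fresh random challenge per attempt and accepts each one once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = {}  # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.pending[identifier] = value
        return identifier, value

    def verify(self, identifier: int, response: bytes) -> bool:
        value = self.pending.pop(identifier, None)  # a challenge is single-use
        if value is None:
            return False
        expected = chap_response(identifier, self.secret, value)
        return hmac.compare_digest(response, expected)


def replay_outcomes():
    """Return (pap_replay_accepted, chap_first_accepted, chap_replay_accepted)."""
    captured_pap = SECRET  # what an eavesdropper records from a PAP exchange
    pap_replay = pap_verify(captured_pap)
    auth = ChapAuthenticator(SECRET)
    ident, chal = auth.challenge()
    captured = chap_response(ident, SECRET, chal)  # recorded CHAP response
    first = auth.verify(ident, captured)
    ident2, _ = auth.challenge()  # later session gets a new challenge
    replay = auth.verify(ident2, captured)
    return pap_replay, first, replay
```

The replay resistance comes entirely from the authenticator choosing an unpredictable challenge and never reusing it.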
