To:
masataka ohta <mohta@necom830.hpcl.titech.ac.jp>
CC:
Rob Austein <sra+namedroppers@hactrn.net>, namedroppers@ops.ietf.org, dnsop@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Mon, 10 Nov 2003 14:02:53 +0900
In-Reply-To:
<3FA08FF3.2000708@necom830.hpcl.titech.ac.jp>
Sender:
owner-dnsop@cafax.se
User-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Subject:
Re: Reality check (was Re: Wildcard NS and DNSSEC)
Hi, I'm posting to both DNSEXT and DNSOP. As I post to DNSEXT ML, > I do love simple approaches. > > However, in this case, the complexity is not in wildcard but > in DNSSEC. > > So, the proper question is > > do we need DNSSEC? > > and the reality is that we don't. > > Just discard DNSSEC and move along. I think secure DNS, with its complexity, is hard to deploy and does not worth the deployment effot. Given that securty problem on small ID space is solvable (as was discussed recently with subject "preventing cache contamination"), do we still have to try secure DNS deployed (in vain)? Masataka Ohta #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.