To:
sommerfeld@orchard.arlington.ma.us
cc:
Keith Moore <moore@cs.utk.edu>, RJ Atkinson <rja@extremenetworks.com>, keydist@cafax.se
From:
Keith Moore <moore@cs.utk.edu>
Date:
Tue, 26 Mar 2002 15:46:11 -0500
In-reply-to:
(Your message of "Tue, 26 Mar 2002 15:40:58 EST.") <20020326204103.CA8512A4E@orchard.arlington.ma.us>
Sender:
owner-keydist@cafax.se
Subject:
Re: My take on the BoF session
> So, when DNSSEC is involved, this attack needs to happen prior to zone > signing -- i.e., the "registration" end needs to be attacked, not > merely the data present on a particular secondary server. perhaps that's also a threat, but I'm thinking of attacks where a higher-level zone betrays the trust that is placed in it, either because the zone administrator willing facilitates the attack, or because the zone private key is compromised. Keith