On Wed, Aug 13, 2008 at 08:04:08PM +0900, Masataka Ohta wrote: > > relationships; and because we know that humans make a lot of errors; > > It's interesting that you just mention erros and ignore social > implementation details nor intentional attacks.
There are two elements to what you are claiming there: 1. Social implementation details. This was in fact what I was trying to clarify. It seemed to me you were suggesting that the social implementation details are weak in some way (weaker than the existing trust relationship with the parent for the parent side of the NS record at the zone cut). I thought that perhaps you were noting that there is possibly somewhat more maintenance involved in DNSSEC operations, and therefore more opportunities for human error, &c. I can't tell from your answer whether this is in fact what you meant or not. 2. Intentional attacks. This appears to be a claim that DNSSEC is inherently vulnerable to particular attacks. If there are such attacks that are not already mentioned in the specification, it'd be nice to hear what they are now, before we have wider deployment. Do you have such details? Best, A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
