Mark Andrews wrote:
>>To exchange the trust anchors, you need cryptographically secure
>>end to end security, which is not provided by DNSSEC.
>>
>>If you and your peer already have secure channel, you have no
>>reason to use DNSSEC for secure identification nor communication
>>with the peer.
> Incorrect.
Thank you for the convincing demonstration that I am correct.
>>As the level of security is no different from PODS, it is the
>>worst thing to bother to exchange public keys.
> Incorrect.
Thanks again.
>>> If you have a solution that scales I'd love to hear it.
>>Because DNS is not end to end, DNS does not really scale,
>>manifestation of which is load on root servers.
> None answer.
Wrong question.
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
