On Thu, 21 Aug 2008, Masataka Ohta wrote:
> Instead, MitM attack on DNSSEC is performed, for example, within intermediate zones with forged signature on child zone with forged end-users data.
Oh I see. DNSSEC is broken because we cannot trust RSA, DSA, SHA256, Diffie-Hellman, and perhaps elliptic curve.... Ok, let's go for your solution that does not depend on any of these :P
> It means that there is no MitM attack on PODS.
Since I am not at "many places at once", how does PODS have no mitm? My laptop stores info about 1 billion domain names? Its first hop is a router you don't own..... So your solution 1) scales, 2) no intermediaries whatsoever (on a packet based internet no less), 3) does not use weak untrusted worldwide used ciphers and public key systems.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop