Paul Wouters wrote:

>> Instead, MitM attack on DNSSEC is performed, for example, within
>> intermediate zones with forged signature on child zone with forged
>> end-users data.

> Oh I see. DNSSEC is broken because we cannot trust RSA, DSA, SHA256,
> DiffieHellman, and perhaps elliptic curve....

That is certainly a valid argument.

However, it has nothing to do with the MitM case above because
forged signature from a compromised zone is cryptographically valid.

Masataka Ohta

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop