Bjorn Mork wrote:
Are there anyone who still think, with reasons, DNSSEC were
cryptographically secure or had protected TLDs more securely
than diginotar?
Does DNSSEC make the TLD operators less trustworthy in your eyes?
Good point.
A false sense of security that DNSSEC were
cryptographically secure motivates the operators
ignore DNSSEC operation rules, which are very
complicated and hard to follow, for relatively
strong physical security, which might be what
happened in diginotar.
With proper recognition that DNSSEC is not cryptographically
secure, operators won't violate rules for physical security
of DNSSEC and, instead, stop operating DNSSEC.
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
