Florian Weimer wrote:
* Thierry Moreau:
For which purpose(s) is the DNS root signature key an attractive
target?
You might be able to make it to CNN if your spin is really good.
Thanks for this feedback.
No, no, and no.
No, because I asked the question as a matter of security analysis
methodology. My conclusion is that no purpose justifying an attack on
the overall DNSSEC scheme particularly threatens the DNS root.
No, because while someone else's answer might be formulated based on
non-rationale anti-USG paranoia (leading to a nice media story), the
pervasive USG influence in the DNSSEC key management has very different
impacts, the foremost one being that the DNS root may actually be signed
soon (hey, great!).
No, because I don't want to handle the trouble of high visibility in a
field where the public relations are already mixing up things (e.g. .org
is signed but a registrant can't have a secure delegation for a .org
domain as of today).
Caveat: I stopped volunteering information about specific elements of
official DNSSEC root key management which might be criticized. It is
time for the DNS root signature project to move forward. Also, the
Intaglio NIC project has no value unless the official DNS root holds
secure delegations.
But even without this self-restraint, there would be no spin for a CNN
story. Dedication to good cryptographic key management is squarely dull
and boring for a typical person.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
