On Sat, Aug 09, 2008 at 04:33:55PM -0400, Paul Wouters wrote:
> In general, for all those people who claim DNSSEC is not the solution, I
> have a few questions
>
> 1) What is more broken with DNSSEC then on DNS?
> 2) If DNSSEC is flawed, where is a better alternative?
An alternative was proposed by Masataka Ohta around 1995. It did not
progress, but maybe it is time to trawl the archives and revisit it?
http://www.ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01512.html
http://www.ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01516.html
http://www.ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01520.html
On the other hand, the comment from Masataka Ohta was:
the real problem of DNSSEC is that it is merely weakly secure
so suggesting that a fundamental rethink is necessary.
-- Andras Salamon [EMAIL PROTECTED]
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
