On Sat, Aug 09, 2008 at 04:33:55PM -0400, Paul Wouters wrote: > In general, for all those people who claim DNSSEC is not the solution, I > have a few questions > > 1) What is more broken with DNSSEC then on DNS? > 2) If DNSSEC is flawed, where is a better alternative?
An alternative was proposed by Masataka Ohta around 1995. It did not progress, but maybe it is time to trawl the archives and revisit it? http://www.ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01512.html http://www.ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01516.html http://www.ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01520.html On the other hand, the comment from Masataka Ohta was: the real problem of DNSSEC is that it is merely weakly secure so suggesting that a fundamental rethink is necessary. -- Andras Salamon [EMAIL PROTECTED] _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop