Andrew Sullivan wrote: >>Social implementations of DNSSEC may be (or, considering its complexity, >>will always be) vulnerable to tampering from any person.
> This seems like a strong claim. Not at all. Instead, that PKI, including DNSSEC, were cryptographically secure is a unfounded strong claim never supported by real-world statistical data. Maybe, Ted could provide some virtual-world data realistic enough to deny the real-world statistical data such as: djb> Last week's surveys by the DNSSEC developers ("SecSpider") have found a djb> grand total of 99 signed dot-com names out of the 70 million dot-com djb> names on the Internet. > This seems like a strong claim. Are you really just claiming that, > because humans are involved and because it depends on proving trust > relationships; and because we know that humans make a lot of errors; It's interesting that you just mention erros and ignore social implementation details nor intentional attacks. Without them, plain text password of ftp, for example, is perfectly secure. Masataka Ohta _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop