Andrew Sullivan wrote:
>>Social implementations of DNSSEC may be (or, considering its complexity,
>>will always be) vulnerable to tampering from any person.
> This seems like a strong claim.
Not at all.
Instead, that PKI, including DNSSEC, were cryptographically secure
is a unfounded strong claim never supported by real-world statistical
data.
Maybe, Ted could provide some virtual-world data realistic enough to
deny the real-world statistical data such as:
djb> Last week's surveys by the DNSSEC developers ("SecSpider") have found a
djb> grand total of 99 signed dot-com names out of the 70 million dot-com
djb> names on the Internet.
> This seems like a strong claim. Are you really just claiming that,
> because humans are involved and because it depends on proving trust
> relationships; and because we know that humans make a lot of errors;
It's interesting that you just mention erros and ignore social
implementation details nor intentional attacks.
Without them, plain text password of ftp, for example, is perfectly
secure.
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
