[EMAIL PROTECTED] (David Ulevitch) writes: > ... -- My goal is not to derail DNSSEC. It does that on its own. My > goal is to make sure people don't buy into the kool-aid being poured > that DNSSEC is the only solution. It isn't.
that depends on the problem statement, really. if the problem statement is "how can we secure hop-by-hop" then there are other solutions on the table right now besides DNSSEC. if the problem statement is "how can we secure end-to-end" then there are no other solutions on the table right now. my chosen problem statement is "how can we secure end-to-end" because i am worried about corruption inside servers not just between them, and i want to defend against provider-in-the-middle attacks (including several that opendns currently monetizes.) -- Paul Vixie -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop