[EMAIL PROTECTED] (Paul Vixie) writes:

> my chosen problem statement is "how can we secure end-to-end" because i am
> worried about corruption inside servers not just between them, and i want
> to defend against provider-in-the-middle attacks (including several that
> opendns currently monetizes.)

i forgot to mention, i'm also worried about on-path attackers not just the off-path attackers kaminsky, klein and dagon have recently noted. no hop-by-hop solution can address the problem of a MiTM who can see and/or alter your queries and responses. therefore even though end-to-end ("DNSSEC") has been painful and has taken too long to get deployable and is rather ugly, i'm backing it.

--
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop