[EMAIL PROTECTED] (Paul Vixie) writes:
> my chosen problem statement is "how can we secure end-to-end" because i am
> worried about corruption inside servers not just between them, and i want
> to defend against provider-in-the-middle attacks (including several that
> opendns currently monetizes.)
i forgot to mention, i'm also worried about on-path attackers not just the
off-path attackers kaminsky, klein and dagon have recently noted. no hop-
by-hop solution can address the problem of a MiTM who can see and/or alter
your queries and responses.
therefore even though end-to-end ("DNSSEC") has been painful and has taken
too long to get deployable and is rather ugly, i'm backing it.
--
Paul Vixie
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
