Andrew Sullivan wrote:
> I fully agree. I just want to make sure we're not holding ourselves
> to an operational standard that is just impossible to reach. If we
> want "proof" and "facts" about whether something won't ever be
> compromised,
Remember that DNSSEC was developed because it was believed to make
DNS proven to be secure.
> it's not going to happen (so I'm very keen we not put
> anything resembling such language in any draft). That's all I was
> saying.
You are saying DNSSEC is *NOT* cryptographically secure.
You are saying DNSSEC merely operationally secure.
And, you are right.
That is, there is no point of deploying DNSSEC.
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
