Andrew Sullivan wrote: > I fully agree. I just want to make sure we're not holding ourselves > to an operational standard that is just impossible to reach. If we > want "proof" and "facts" about whether something won't ever be > compromised,
Remember that DNSSEC was developed because it was believed to make DNS proven to be secure. > it's not going to happen (so I'm very keen we not put > anything resembling such language in any draft). That's all I was > saying. You are saying DNSSEC is *NOT* cryptographically secure. You are saying DNSSEC merely operationally secure. And, you are right. That is, there is no point of deploying DNSSEC. Masataka Ohta _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop