Andrew Sullivan wrote:

>>Remember that DNSSEC was developed because it was believed to make
>>DNS proven to be secure.

> You're equivocating on "proof" or "secure" or maybe both.
> 
> DNSSEC allows you to prove that, assuming secure keys, you're getting
> the correct (i.e. authoritatively-sourced) answer.

As a person who has been working on DNS before the early days of DNSSEC,
I remember very well why DNSSEC was developed.

As is written in RFC2065:

   Careful key generation is a sometimes overlooked but absolutely
   essential element in any cryptographically secure system.

That is, DNSSEC was wrongly believed to be cryptographically secure.

> If you dislike the word "prove" and cognates to be used for anything

"cryptographically secure" is fatal enough.

                                                Masataka Ohta


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
