Andrew Sullivan wrote: >>Remember that DNSSEC was developed because it was believed to make >>DNS proven to be secure.
> You're equivocating on "proof" or "secure" or maybe both. > > DNSSEC allows you to prove that, assuming secure keys, you're getting > the the correct (i.e. authoritatively-sourced) answer. As a person who have been working on DNS before early days of DNSSEC, I remember very well why DNSSEC was developed. As is written in RFC2065: Careful key generation is a sometimes overlooked but absolutely essential element in any cryptographically secure system. That is, DNSSEC was wrongly believed to be cryptographically secure. > If you dislike the word "prove" and cognates to be used for anything "cryptographically secure" is fatal enough. Masataka Ohta _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop