David Wilson wrote: >>As has been discussed in the thread, DNSSEC is NOT a protection >>against cache poisoning, because caches poisoned with forged >>certificate breaks the security.
> I think you need to explain how this happens in detail.
In detail??? See below.
> With DNSSEC, a security aware resolver will want to check the signature.
Except for glue A.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
