the fact that masataka's proposal seemed qualitatively better to me eleven
years ago is moot. the reason dnssec isn't deployed yet has nothing to do
with any such qualitative differences. we are where we are, and what we've
got to do now is deploy what we've got now. the dnssec spec at present m
On Sat, 9 Aug 2008, Paul Wouters wrote:
>
> > DNSSEC, a cryptographic version of DNS, has been in development since
> > 1993 but is still not operational.
>
> It seems that Mr. Bernstein also suffers from the "America is the not the
> world" syndrome.
???
> > Bernstein said that DNSSEC offers
DNSSEC, a cryptographic version of DNS, has been in development since
1993 but is still not operational.
It seems that Mr. Bernstein also suffers from the "America is the not the
world" syndrome.
???
DNSSEC has been deployed on large scale by some TLD's and RIR's already.
It is very much ope
Dean Anderson wrote:
>>1) What is more broken with DNSSEC then on DNS?
DNSSEC is, socially, more dangerous than PODS, because DNSSEC gives
users false sense of security.
> The question really should be 'What is LESS broken with DNSSEC than with
> DNS?' Equally broken is bad, too. 'More broken'
> Dean Anderson wrote:
>
> >>1) What is more broken with DNSSEC then on DNS?
>
> DNSSEC is, socially, more dangerous than PODS, because DNSSEC gives
> users false sense of security.
>
> > The question really should be 'What is LESS broken with DNSSEC than with
> > DNS?' Equally broken is bad, t
> > To break DNSSEC, a phishing site pretending as your parent CA and
> > requesting you enter your private key is often enough.
>
> Which like most things to do with security is a matter of
> education.
To which I should have added. With DNSSEC you *never* need
to d
Mark Andrews wrote:
>>DNSSEC is, socially, more dangerous than PODS, because DNSSEC gives
>>users false sense of security.
> You already have to trust your parents to publish your
> delegating NS RRset.
So, technically, DNSSEC is no worse but no better than PODS.
>>That is, WG discu
On Aug 11, 2008, at 6:34 PM, Masataka Ohta wrote:
DNSSEC is, socially, more dangerous than PODS, because DNSSEC gives
users false sense of security.
The average user has a false sense of security completely independent
of what the underlying protocol is. So what matters is not what
sense
Ted Lemon wrote:
>> DNSSEC is, socially, more dangerous than PODS, because DNSSEC gives
>> users false sense of security.
> So what matters is not what sense of security the user has, but
> what actual security the user has.
The false sense of security makes people unconditionary accept DNS
re
> Mark Andrews wrote:
>
> >>DNSSEC is, socially, more dangerous than PODS, because DNSSEC gives
> >>users false sense of security.
>
> > You already have to trust your parents to publish your
> > delegating NS RRset.
>
> So, technically, DNSSEC is no worse but no better than PODS.
No.
On Aug 11, 2008, at 8:36 PM, Masataka Ohta wrote:
How can you explain the evidence that many people here think DNSSEC
more secure than PODS merely because it is called DNSSEC?
Are they less-than-average users?
No, Ohta-san. It _is_ more secure. Security is relative, not
absolute. You c
Ted Lemon wrote:
> No, Ohta-san. It _is_ more secure. Security is relative, not
> absolute.
Are you really talking about relative security?
If you are talking about security relative to the amount of
operational effort (that is, money!!!), PODS is definitly
more secure than DNSSEC.
12 matches
Mail list logo