Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Masataka Ohta
Andrew Sullivan wrote: >>Social implementations of DNSSEC may be (or, considering its complexity, >>will always be) vulnerable to tampering from any person. > This seems like a strong claim. Not at all. Instead, that PKI, including DNSSEC, were cryptographically secure is an unfounded strong cla

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Andrew Sullivan
On Wed, Aug 13, 2008 at 08:04:08PM +0900, Masataka Ohta wrote: > > relationships; and because we know that humans make a lot of errors; > > It's interesting that you just mention errors and ignore social > implementation details or intentional attacks. There are two elements to what you are clai

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Ted Lemon
On Aug 13, 2008, at 4:04 AM, Masataka Ohta wrote: Maybe, Ted could provide some virtual-world data realistic enough to deny the real-world statistical data such as: djb> Last week's surveys by the DNSSEC developers ("SecSpider") have found a djb> grand total of 99 signed dot-com names out of t

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Ted Lemon
On Aug 13, 2008, at 9:50 AM, Ted Lemon wrote: Ohta-san, you made the claim that managing DNSSEC is so much more work than maintaining regular DNSSEC Er, "regular DNS," not "regular DNSSEC." ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/m

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Ralf Weber
Moin! On Aug 13, 2008, at 18:50 , Ted Lemon wrote: On Aug 13, 2008, at 4:04 AM, Masataka Ohta wrote: Maybe, Ted could provide some virtual-world data realistic enough to deny the real-world statistical data such as: djb> Last week's surveys by the DNSSEC developers ("SecSpider") have found

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Ted Lemon
On Aug 13, 2008, at 10:21 AM, Ralf Weber wrote: Hmm, assuming that we both did use the same name server software, my experiences are different. Compared to regular DNS, setting up and more importantly maintaining DNSSEC is much more work than normal DNS stuff (zone resigning, key rollover). You'

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Wes Hardaker
> On Wed, 13 Aug 2008 19:21:44 +0200, Ralf Weber <[EMAIL PROTECTED]> said: RW> Hmm, assuming that we both did use the same name server software my RW> experiences are different. Compared to regular DNS setting up and more RW> importantly maintaining DNSSEC is much more work than normal DNS stu

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Ralf Weber
Moin! On Aug 13, 2008, at 20:06 , Ted Lemon wrote: On Aug 13, 2008, at 10:21 AM, Ralf Weber wrote: Hmm, assuming that we both did use the same name server software my experiences are different. Compared to regular DNS setting up and more importantly maintaining DNSSEC is much more work than

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Ted Lemon
On Aug 13, 2008, at 12:19 PM, Ralf Weber wrote: Well, you have to change keys with cryptography from time if you want to be safe. RFC2541 says once a year, RFC4641 doesn't give any advice, but e.g. RIPE, which, referring to this, is doing a rollover every 6 months. A 2048-bit key will take a reall

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Masataka Ohta
Ted Lemon wrote: > Ohta-san, you made the claim that managing DNSSEC is so much more work > than maintaining regular DNSSEC that the cost of doing so outweighed > the benefit of doing so - the added security. You provided no > statistics to back up that claim, I presented the real-world s

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-13 Thread Ted Lemon
On Aug 13, 2008, at 10:28 PM, Masataka Ohta wrote: I presented the real-world statistical data to support my claim that DNSSEC requires too much work. That is, it is hardly deployed because it requires too much work. I must have missed that message. Does your personal experience have any statis