The attack surface is the number of paths that are open to an attacker.
In the current model there is only one trust path, the PKIX path.
In the new model, the attacker has a choice of trust paths, the PKIX path
and the DNSSEC path and they can attack either of them.
The problem with the DNSSEC
On 1 October 2010 16:15, Phillip Hallam-Baker wrote:
>
>
> On Fri, Oct 1, 2010 at 6:05 PM, Matt McCutchen
> wrote:
>>
>> On Fri, 2010-10-01 at 11:29 -0400, Phillip Hallam-Baker wrote:
>> > In particular I am very concerned about the particular approach being
>> > taken to security policy. What th