RE: DNSSEC - Signature Only vs the MX/A issue.
As I have been saying for over a decade, security is risk management, not risk elimination.
The point you make is not new; Bruce Schneier made it together with Carl Ellison in a paper some years back. He was wrong then and Secrets and Lies is essentially explaining why.
Most cases of administrative incompetence will result in a complete loss of service. DNSSEC does not add a significant number of new ways to screw up and the remedy is exactly the same.
The cases where administrative incompetence leads to a security breach are not as likely as direct attack and in any case very difficult to exploit successfully without inside knowledge that allows for more powerful attacks.
DNSSEC is not intended to control against administrator malfeasance.
> -----Original Message-----
> From: Masataka Ohta [mailto:mohta@necom830.hpcl.titech.ac.jp]
> Sent: Monday, December 11, 2006 7:48 PM
> To: Hallam-Baker, Phillip
> Cc: Paul Vixie; Christian Huitema; Ralph Droms; bert hubert;
> namedroppers@ops.ietf.org
> Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
>
> Hallam-Baker, Phillip wrote:
>
> > If you want to make such statements first state your risk model.
>
> Are you saying it to Paul's statement of "so the Secure DNS
> model is end-to-end rather than interior-only."?
>
> Anyway, if you use your risk model, your statement is
> nothing more than a fantasy.
>
> I, instead, have been stating the reality that ISPs and zone
> administrators are equally (un)trustworthy.
>
> As a result, DNSSEC is NOT cryptographically secure and is as
> secure as plain DNS.
>
> Masataka Ohta
>
>
>