New addresses for b.root-servers.net
Masataka Ohta
mohta at necom830.hpcl.titech.ac.jp
Wed Jun 21 05:39:31 UTC 2023
Matt Corallo wrote:
>> As PKI, including DNSSEC, is subject to MitM attacks, is
>> not cryptographically secure, does not provide end to end
>> security and is not actually workable, why do you bother?
>
> It sounds like you think nothing is workable, we simply cannot make
> anything secure
If an end and another end directly share a secret
key without involving untrustworthy trusted third
parties, the ends are secure end to end.
> - if we should give up on WebPKI (and all its faults)
> and DNSSEC (and all its faults) and RPKI (and all its faults), what do
> we have left?
An untrustworthy but light weight and inexpensive (or free)
PKI may worth its price and may be useful to make IP address
based security a little better.
Masataka Ohta
More information about the NANOG
mailing list