New addresses for b.root-servers.net

• Previous message (by thread): New addresses for b.root-servers.net
• Next message (by thread): New addresses for b.root-servers.net
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Matt Corallo wrote:

>> As PKI, including DNSSEC, is subject to MitM attacks, is
>> not cryptographically secure, does not provide end to end
>> security and is not actually workable, why do you bother?
> 
> It sounds like you think nothing is workable, we simply cannot make 
> anything secure

If an end and another end directly share a secret
key without involving untrustworthy trusted third
parties, the ends are secure end to end.

> - if we should give up on WebPKI (and all its faults) 
> and DNSSEC (and all its faults) and RPKI (and all its faults), what do 
> we have left?

An untrustworthy but light weight and inexpensive (or free)
PKI may worth its price and may be useful to make IP address
based security a little better.

					Masataka Ohta

• Previous message (by thread): New addresses for b.root-servers.net
• Next message (by thread): New addresses for b.root-servers.net
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]