New addresses for b.root-servers.net

• Previous message (by thread): New addresses for b.root-servers.net
• Next message (by thread): New addresses for b.root-servers.net
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Which you can do with DNSSEC but the key management will be enormous. 

-- 
Mark Andrews

> On 21 Jun 2023, at 15:39, Masataka Ohta <mohta at necom830.hpcl.titech.ac.jp> wrote:
> 
> Matt Corallo wrote:
> 
>>> As PKI, including DNSSEC, is subject to MitM attacks, is
>>> not cryptographically secure, does not provide end to end
>>> security and is not actually workable, why do you bother?
>> It sounds like you think nothing is workable, we simply cannot make anything secure
> 
> If an end and another end directly share a secret
> key without involving untrustworthy trusted third
> parties, the ends are secure end to end.
> 
>> - if we should give up on WebPKI (and all its faults) and DNSSEC (and all its faults) and RPKI (and all its faults), what do we have left?
> 
> An untrustworthy but light weight and inexpensive (or free)
> PKI may worth its price and may be useful to make IP address
> based security a little better.
> 
>                    Masataka Ohta
> 

• Previous message (by thread): New addresses for b.root-servers.net
• Next message (by thread): New addresses for b.root-servers.net
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]