nanog mailing list archives
Re: DNSSEC in Plain English
From: Michael.Dillon () btradianz com
Date: Thu, 15 Jun 2006 11:11:15 +0100
but it ain't the crypto. never has been. and it is not always easy to explain math in plain english. so let's focus on where work needs to be done.
You and I are in violent agreement. The problem is in understanding whether or not the crypto under the hood really does provide a TRUSTABLE system. And that is more to do with policies and procedures. This is the stuff that I don't see explained in plain English so that the decision makers who rely on DNS can make a decision on DNSSEC. Ed Lewis pointed out two presentations which he claims have no crypto. However his own presentation at Apricot is laced with technical jargon including crypto. Stuff like "hierarchy of public keys", "DNSSEC data", "hash of the DNSKEY", "certificates", and so on. This is fine for a technical audience but it won't help explain the issue to the decision makers who spend the money. I understand how the crypto works to the extent that I believe it is technically possible for something like DNSSEC to work. However, I don't see an explanation of the policies and procedures that convinvces me that it DNSSEC really does work. The history of crypto-based security is filled with flawed implementations. --Michael Dillon --Michael Dillon
Current thread:
- Re: wrt joao damas' DLV talk on wednesday, (continued)
- Re: wrt joao damas' DLV talk on wednesday Gregory Hicks (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Paul Vixie (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 13)
- howto deploy DNSSEC [was: Re: wrt joao damas' DLV talk on wednesday] Rick Wesson (Jun 13)
- Re: howto deploy DNSSEC [was: Re: wrt joao damas' DLV talk on wednesday] Randy Bush (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Lucy E. Lynch (Jun 14)
- Re: wrt joao damas' DLV talk on wednesday Paul Vixie (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Gregory Hicks (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 13)
- Re: wrt joao damas' DLV talk on wednesday Michael . Dillon (Jun 14)
- Re: wrt joao damas' DLV talk on wednesday Paul Vixie (Jun 14)
- Re: wrt joao damas' DLV talk on wednesday Randy Bush (Jun 14)
- Re: DNSSEC in Plain English Michael . Dillon (Jun 15)
- Re: DNSSEC in Plain English Edward Lewis (Jun 15)
- Re: wrt joao damas' DLV talk on wednesday Edward Lewis (Jun 14)