nanog mailing list archives
Re: DNSSEC and ISPs faking DNS responses
From: Tony Finch <dot () dotat at>
Date: Mon, 16 Nov 2015 11:11:33 +0000
Owen DeLong <owen () delong com> wrote:
Again, if you’re the only resolver the clients are using, you can claim that nothing from the root down is signed without ever providing any cryptographic anything.
If the client is validating it will know the root is signed and the ISP resolver will not be able to strip signature without breaking validation.

Tony.
--
f.anthony.n.finch <dot () dotat at> http://dotat.at/
Thames, Dover, Wight, Portland: Southwest 6 to gale 8, decreasing 5 for a time, perhaps severe gale 9 later. Moderate or rough, occasionally very rough later. Rain at times. Moderate or good, occasionally poor.
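The exchange above, modelled as an added example that is not part of either poster's message: a simplified walk through the RFC 4035 security states, showing why a validating client treats a signature-stripping resolver's answers as bogus rather than unsigned. Signature verification is reduced to a boolean, and `ZoneStep`, `validate` and the sample chains are hypothetical names constructed for this illustration.

```python
# Added illustration (not from the thread): a simplified model of the
# RFC 4035 security states. Signature verification is reduced to a boolean;
# all names here are hypothetical.
from dataclasses import dataclass

@dataclass
class ZoneStep:
    zone: str               # zone apex reached while walking down from the root
    dnskey_verified: bool   # DNSKEY RRset arrived with RRSIGs that verify
    child_ds: str           # "signed_ds", "signed_denial", "missing" or "leaf"

def validate(chain, trust_anchors):
    """Return the RFC 4035 state a client assigns to the final answer."""
    if "." not in trust_anchors:
        # No anchor configured: the client cannot tell signed from unsigned.
        return "indeterminate"
    for step in chain:
        if not step.dnskey_verified:
            # Below a trust anchor, missing or bad signatures are a failure.
            return "bogus"
        if step.child_ds == "signed_denial":
            # Parent proved, under signature, that the child has no DS.
            return "insecure"
        if step.child_ds == "missing":
            # Neither a DS nor a signed proof of its absence was supplied.
            return "bogus"
    return "secure"

# Constructed sample walks for a name under example.com.
HONEST_SIGNED = [ZoneStep(".", True, "signed_ds"),
                 ZoneStep("com.", True, "signed_ds"),
                 ZoneStep("example.com.", True, "leaf")]
HONEST_UNSIGNED = [ZoneStep(".", True, "signed_ds"),
                   ZoneStep("com.", True, "signed_denial")]
# Resolver that drops every RRSIG, DS and NSEC and claims nothing is signed.
STRIPPED = [ZoneStep(".", False, "missing"),
            ZoneStep("com.", False, "missing"),
            ZoneStep("example.com.", False, "leaf")]

if __name__ == "__main__":
    for name, chain in [("signed", HONEST_SIGNED), ("unsigned", HONEST_UNSIGNED),
                        ("stripped", STRIPPED)]:
        print(name, validate(chain, {"."}), validate(chain, set()))
```

The only way to reach "insecure" below a configured anchor is a signed denial of the DS record, which a resolver that strips signatures cannot supply.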