nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New addresses for b.root-servers.net

From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Wed, 21 Jun 2023 14:39:31 +0900
Matt Corallo wrote:


As PKI, including DNSSEC, is subject to MitM attacks, is
not cryptographically secure, does not provide end to end
security and is not actually workable, why do you bother?
It sounds like you think nothing is workable, we simply cannot make anything secure 

If an end and another end directly share a secret
key without involving untrustworthy trusted third
parties, the ends are secure end to end.
- if we should give up on WebPKI (and all its faults) and DNSSEC (and all its faults) and RPKI (and all its faults), what do we have left? 

An untrustworthy but light weight and inexpensive (or free)
PKI may worth its price and may be useful to make IP address
based security a little better.

                                        Masataka Ohta
Previous By Date Next
Previous By Thread Next

Current thread: