IETF Logo Mail Archive

Re: [Asrg] DNSSEC is NOT secure end to end

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Sat, 06 June 2009 04:10 UTC

Return-Path: <mohta@necom830.hpcl.titech.ac.jp>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 46E6E3A6CB0 for <asrg@core3.amsl.com>; Fri, 5 Jun 2009 21:10:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.863
X-Spam-Level: **
X-Spam-Status: No, score=2.863 tagged_above=-999 required=5 tests=[AWL=-1.104, BAYES_40=-0.185, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_NJABL_PROXY=1.643]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-27bndzaohy for <asrg@core3.amsl.com>; Fri, 5 Jun 2009 21:10:16 -0700 (PDT)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132]) by core3.amsl.com (Postfix) with SMTP id BD4D63A6BF3 for <asrg@irtf.org>; Fri, 5 Jun 2009 21:10:15 -0700 (PDT)
Received: (qmail 60580 invoked from network); 6 Jun 2009 05:41:47 -0000
Received: from softbank219001188006.bbtec.net (HELO necom830.hpcl.titech.ac.jp) (219.1.188.6) by necom830.hpcl.titech.ac.jp with SMTP; 6 Jun 2009 05:41:47 -0000
Message-ID: <4A29EC02.6000807@necom830.hpcl.titech.ac.jp>
Date: Sat, 06 Jun 2009 13:09:38 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: ja, en
MIME-Version: 1.0
To: David Wilson <David.Wilson@isode.com>
References: <200905302032.n4UKVxaZ048822@givry.fdupont.fr> <4A21C0CB.8070409@necom830.hpcl.titech.ac.jp> <8EFB68EAE061884A8517F2A755E8B60A1EF83F8661@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com> <4A252B54.6020508@necom830.hpcl.titech.ac.jp> <1244061519.2778.62.camel@bravo.isode.net>
In-Reply-To: <1244061519.2778.62.camel@bravo.isode.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: Anti-Spam Research Group - IRTF <asrg@irtf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [Asrg] DNSSEC is NOT secure end to end
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jun 2009 04:10:16 -0000

David Wilson wrote:

> However, I think there is some difference in the way people are using
> some terms.

According to the terminology of David Clark, PKI including DNSSEC
is not secure end to end.

> "End-to-end" security means that the security of that data item does not
> depend on the trustworthiness of any intermediate node, or channel.

According to the terminology of David Clark, certificate authorities
are intermediate nodes.

If you have different terminology, use it outside of the Internet
community but not within.

						Masataka Ohta

v2.23.0 | Report a Bug | By Email