Re: [DNSOP] Practical issues deploying DNSSEC into the home.

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Sat, 14 September 2013 13:38 UTC

Message-ID: <52346647.8070907@necom830.hpcl.titech.ac.jp>
Date: Sat, 14 Sep 2013 22:36:07 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: mrex@sap.com
Subject: Re: [DNSOP] Practical issues deploying DNSSEC into the home.
References: <20130913230723.17DC51A966@ld9781.wdf.sap.corp>
In-Reply-To: <20130913230723.17DC51A966@ld9781.wdf.sap.corp>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org

Martin Rex wrote:

> There is no problem with the assumption that trusted third party
> _could_ exist.

It couldn't.

What organization in the US can be trusted against attacks by the USG?

Note that Snowden demonstrated that even the USG failed to keep its
top secrets.

> The reason where PKI breaks badly is whenever the third party that
> Bob selected as _his_ third party is not a third party that Alice
> has voluntarily chosen herself to trust.  Instead, PKI forces
> Alice to trust dozens of third parties, one or more per every
> Bob out there.

In short, PKI is against the end-to-end principle, because
CAs are intelligent intermediate systems.

But, if CAs were trusted third parties, it means both Alice
and Bob can safely trust them.

						Masataka Ohta