
Re: opportunistic encryption deployment problems



On Tue, 21 Aug 2001, Jari Arkko wrote:

 > While I do like how OE can be used from small to large deployment of
 > DNSSEC, I'm concerned that (a) DNSSEC will eventually bring the same
 > trouble as a large scale PKI would [such as the worries about people
 > being able to control their reverse mappings or their DNS at all], and
 > (b) it may not be the most effective weak authentication scheme [and
 > it is weak until the root gets signed].

What makes DNSSEC weak just because the root is not signed? There is
nothing that stops us from signing the in-addr.arpa zone before root, and
when this is done people can start trusting it immediately if they like to.

	jakob



