[Cryptography] Preliminary review of the other Applied Cryptography

tpb-crypto at laposte.net tpb-crypto at laposte.net
Mon Apr 14 16:17:17 EDT 2014


> Message du 14/04/14 07:46
> De : "Christian Huitema" 
> > It's not because I find DNSSEC personally offensive or anything, but
> because
> > (and this is a very, very cut-down version of the longer reasoning in the
> > book) it's a huge amount of effort that achieves almost nothing. 
> 
> I think that you are restating a variant of the end-to-end argument. The
> Internet architecture has grown rather complex. A simple transaction like
> "loading a secure web page" will involve a bunch of actors, DNS resolvers
> and servers, web proxies and caches, firewalls and routers. One approach to
> security is to try to secure every little link of these complex chains. [...]

Experience proves that is not doable, even more if one has to consider a protocol like DNSSEC, I think it is offensive to do that amount of work and insert that amount of complexity for the "security" it provides, let's leave it like that, in quotes.


More information about the cryptography mailing list