[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DNSSEC and ISPs faking DNS responses
Owen DeLong <owen at delong.com> wrote:
> Again, if you?re the only resolver the clients are using, you can claim that
> nothing from the root down is signed without ever providing any cryptographic
If the client is validating it will know the root is signed and the ISP
resolver will not be able to strip signature without breaking validation.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Thames, Dover, Wight, Portland: Southwest 6 to gale 8, decreasing 5 for a
time, perhaps severe gale 9 later. Moderate or rough, occasionally very rough
later. Rain at times. Moderate or good, occasionally poor.