Re: New addresses for b.root-servers.net

[Mark Andrews <marka () isc org>]

Which you can do with DNSSEC but the key management will be enormous. 

-- 
Mark Andrews

> On 21 Jun 2023, at 15:39, Masataka Ohta <mohta () necom830 hpcl titech ac jp> wrote:
>
> Matt Corallo wrote:
>
> > > As PKI, including DNSSEC, is subject to MitM attacks, is
> > > not cryptographically secure, does not provide end to end
> > > security and is not actually workable, why do you bother?
> > It sounds like you think nothing is workable, we simply cannot make anything secure
>
> If an end and another end directly share a secret
> key without involving untrustworthy trusted third
> parties, the ends are secure end to end.
>
> > - if we should give up on WebPKI (and all its faults) and DNSSEC (and all its faults) and RPKI (and all its faults), 
> > what do we have left?
>
> An untrustworthy but light weight and inexpensive (or free)
> PKI may worth its price and may be useful to make IP address
> based security a little better.
>
>                    Masataka Ohta