[RSSAC Caucus] Threat Mitigation for the Root Server System
Mukund Sivaraman
muks at mukund.org
Thu Oct 3 09:24:18 UTC 2019
On Thu, Oct 03, 2019 at 04:45:08AM -0400, Michael Casadevall wrote:
> Resolver: Oh, it's authoritative, I don't need to worry about DNSSEC.
Validating resolvers don't do this.
BTW, this is the premise of DNSSEC - the end-to-end validation of
data. It doesn't matter how you've received the data, whether through a
trusted or untrusted party, whether through a secure or compromised
nameserver. A validating client validates the _data_.
Mukund
More information about the rssac-caucus
mailing list