On Sat, 26 Mar 2005, Joe Abley wrote:
> The obvious rejoinder to this is that there are no trustworthy pointers from the root down (and no way to tell if the root you are talking to contains genuine data) unless all the zones from the root down are signed with signatures you can verify and there's a chain of trust to accompany each delegation.
> If you don't have cryptographic signatures in the mix somewhere, it all boils down to trusting IP addresses.
Signatures don't create trust. A signature can only confirm an existing trust relationship. DNSSEC would have the same problem: where do you get the trustworthy signatures? By connecting to the same root you don't trust?

As a practical matter, you can stop 99% of the problems with a lot less effort. Why has SSH been so successful, and DNSSEC stumbled so badly? Always initiate the call yourself. Always check the nonce in the answer. Never accept unsolicited data. Never accept answers to questions you didn't ask.

Besides, if you don't trust IP addresses, even if the entire DNS tree was signed by trustworthy keys, I'd just hijack the IP address in the DNS answer anyway. Quarantine NAT is very good at this.
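
The checks listed in the reply above (initiate the query yourself, check the nonce, accept no unsolicited answers and no answers to questions you didn't ask), sketched as an added example that is not part of the original message. `Pending`, `make_query` and `accept` are hypothetical names, and the nonce is assumed to be the 16-bit DNS transaction ID.

```python
import secrets
import struct
# Added illustration: Pending, make_query and accept are hypothetical names.
def encode_name(name):
    """Encode a host name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def parse_question(msg):
    """Return (name, qtype, qclass) of the first question (uncompressed labels only)."""
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        if n > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass

class Pending:
    """Outstanding queries, keyed by (server address, transaction ID)."""
    def __init__(self):
        self.table = {}

    def make_query(self, server, name, qtype=1):
        txid = secrets.randbits(16)              # the nonce
        self.table[(server, txid)] = (name.rstrip(".").lower(), qtype, 1)
        header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
        return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)

    def accept(self, source, msg):
        """Return True only for a reply to a question we asked of that source."""
        if len(msg) < 12:
            return False
        txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
        if not flags & 0x8000 or qdcount != 1:   # must be a response with one question
            return False
        asked = self.table.get((source, txid))   # None: unsolicited, wrong nonce or source
        try:
            if asked is None or parse_question(msg) != asked:
                return False
        except (IndexError, ValueError, struct.error, UnicodeDecodeError):
            return False
        del self.table[(source, txid)]           # one answer per question
        return True
```

As the message itself notes, these checks only bind an answer to a question that was asked; they say nothing about whether the address that answered is the genuine server.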