[dns-operations] DNSSEC in the root, please help me understand

[Matthew Dempsky]

On Fri, Jan 15, 2010 at 12:48 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> IMHO, it is not necessary: DNSSEC secures the data, not the channel
> (unlike TSIG or DNScurve). So, it works (it allows you to detect
> forgeries) even if you are redirected to the wrong name server.

Not if the server you're directed to isn't using DNSSEC.  Also,
ensuring you can reject the wrong data is different from ensuring you
can accept the right data.