funsec mailing list archives
Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..."
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 6 Aug 2010 15:30:10 -0400
Hi Dan,
but really, for the threat you discuss we already live in that future.
Agreed. But now, the US government (or another government controlling a DNS operator) must approach each DNS operator with their [secret] request. Under this scheme, the distributed, fault tolerant nature of DNS will be nullified. That is, a government only needs to poison the database of one cooperating operator, and other cooperating dns operators will dutifully incorporate the changes. To make matters worse, the poisoning will cross national/political boundaries - something governments don't fully enjoy under the current system. I would bet the proponents of the 'Internet Kill Switch'' are salivating like Pavlov's dog - I still remember the NSAKEY incident... Jeff On Fri, Aug 6, 2010 at 2:44 PM, Dan Kaminsky <dan () doxpara com> wrote:
Jeffrey, It ain't the US that's leading the way in DNS based blocklists, now is it? Ultimately DNS is not the right layer to do general purpose filtering. There's no question that national blocklists slot very nicely into this proposal by Vixie, but really, for the threat you discuss we already live in that future. On Fri, Aug 6, 2010 at 2:12 PM, Jeffrey Walton <noloader () gmail com> wrote:Hi Paul, What happens when the US government comes-a-knocking, desiring to manipulate data while claiming some sort of purview under the gestapo legislation known as the PATRIOT Act (or <insert legislation name here>)? The hooks provided by the ISC and used by the domain operator will facilitate the DNS subversion nicely. Put another way, the ISC proposal has just made it easier for US government abuses, and abuses which can effect not only US citizens, but citizens of other countries. Perhaps the ISC should also divest DNS interests from the US so that more dns operators, immune from US control, are available to the community. Jeff On Fri, Aug 6, 2010 at 1:07 AM, Paul Vixie <vixie () isc org> wrote:http://domainincite.com/vixie-declares-war-on-domain-name-crooks/ [SNIP]
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Paul Vixie (Aug 05)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Paul Ferguson (Aug 05)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." freed0 (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Valdis . Kletnieks (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Jeffrey Walton (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Dan Kaminsky (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Jeffrey Walton (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Valdis . Kletnieks (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Paul Ferguson (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Tomas L. Byrnes (Aug 21)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Dan Kaminsky (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." Paul Vixie (Aug 06)
- Re: "The ISC is the Microsoft of the DNS, BIND its Windows, ..." der Mouse (Aug 06)