Interesting People mailing list archives
Re: weakness in the DNS protocol
From: David Farber <dave () farber net>
Date: Thu, 10 Jul 2008 01:49:15 -0700
________________________________________ From: Erik Huizer [huizer () cs uu nl] Sent: Thursday, July 10, 2008 4:30 AM To: David Farber Subject: Re: [IP] Re: weakness in the DNS protocol Dave, While I mostly agree with your assesment I'd like to point out that something is moving in the DNSSEC area. PIR, the registry running .ORG has initiated deployment of DNSSEC. In April it submitted a plan for DNSSEC deployment to ICANN, which was ok-ed at the last ICANN meeting. The PIR board decided we did not want to wait any longer for a signed root and that we need to move forward, carefully, to get field deployment experience at the least. Gr. Erik Huizer a PIR Board member ================== prof. dr. Erik Huizer Internet Applications Institute of Information and Computing Sciences University Utrecht The Netherlands ================== David Farber wrote:
________________________________________ From: Dave Crocker [dcrocker () bbiw net] Sent: Wednesday, July 09, 2008 7:43 PM To: David Farber Cc: ip; Steven M. Bellovin Subject: Re: [IP] Re: weakness in the DNS protocol David Farber wrote:From: Steven M. Bellovin [smb () cs columbia edu]...As ISC notes, DNSSEC is really the path we need to follow.Work on DNSSec began almost 15 years ago, as a consequence of DNS vulnerabilities being identified. (I was the cognizant IETF Area Director who initiated it.) Yet we have virtually no adoption of DNSSec and no real plan for its adoption, including signing the root or, ummm, routing around the DNSSec model's need for signing the root. Discussion about progress? Sure. Actually progress, no? Most exchanges, like those that have just taken place on the IP list, simply end by saying that DNSSec is the answer. Unfortunately, that utterance does not solve the problem. We really do need to hear something that is more concrete, more pragmatic, and more promising. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
-- ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- weakness in the DNS protocol David Farber (Jul 09)
- <Possible follow-ups>
- Re: weakness in the DNS protocol David Farber (Jul 09)
- Re: weakness in the DNS protocol David Farber (Jul 09)
- Re: weakness in the DNS protocol David Farber (Jul 10)
- Re: weakness in the DNS protocol David Farber (Jul 10)