nanog mailing list archives
Re: New addresses for b.root-servers.net
From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Tue, 20 Jun 2023 12:08:11 +0900
Matt Corallo wrote:
Note that diginotar was advertised to be operated with HSMs and four-eyes principle, which means both of them were proven to be untrustworthy marketing hypes.Even more reason to do DNSSEC stapling!
See hypes of HSMs and four-eyes from DNSSEC operators.
This is totally unrelated to the question at hand. There wasn't a question about whether a user relying on trusted authorities can maybe be whacked by said trusted authorities (though there's been a ton of work in this space, most notably requiring CT these days),
So, let's recognize ISPs as trusted authorities and we are reasonably safe without excessive cost to support DNSSEC with all the untrustworthy hypes of HSMs and four-eyes principle.
it was purely about whether we can rely on pure "I sent a packet to IP X, did it get to IP X", which *is* solved by DNSSEC.
That's overkill. See above for the proper solution. Masataka Ohta
Current thread:
- Re: New addresses for b.root-servers.net, (continued)
- Re: New addresses for b.root-servers.net Matt Corallo (Jun 17)
- Re: New addresses for b.root-servers.net Crist Clark (Jun 17)
- Re: New addresses for b.root-servers.net Matt Corallo (Jun 17)
- Re: New addresses for b.root-servers.net Masataka Ohta (Jun 18)
- Re: New addresses for b.root-servers.net Matt Corallo (Jun 18)
- Re: New addresses for b.root-servers.net niels=nanog (Jun 18)
- Re: New addresses for b.root-servers.net Cynthia Revström via NANOG (Jun 18)
- Re: New addresses for b.root-servers.net niels=nanog (Jun 18)
- Re: New addresses for b.root-servers.net Masataka Ohta (Jun 19)
- Re: New addresses for b.root-servers.net Matt Corallo (Jun 19)
- Re: New addresses for b.root-servers.net Masataka Ohta (Jun 19)
- Re: New addresses for b.root-servers.net Matt Corallo (Jun 20)
- Re: New addresses for b.root-servers.net Masataka Ohta (Jun 20)
- Re: New addresses for b.root-servers.net Matt Corallo (Jun 20)
- Re: New addresses for b.root-servers.net Masataka Ohta (Jun 20)
- Re: New addresses for b.root-servers.net Mark Andrews (Jun 20)
- Re: New addresses for b.root-servers.net Masataka Ohta (Jun 21)
- Re: New addresses for b.root-servers.net David Conrad (Jun 16)
- Re: New addresses for b.root-servers.net Jared Mauch (Jun 02)
- Re: New addresses for b.root-servers.net Wes Hardaker (Jun 15)