nanog mailing list archives
Re: DNS cache poisoning attacks -- are they real?
From: Edward Lewis <Ed.Lewis () neustar biz>
Date: Mon, 28 Mar 2005 09:31:06 -0500
At 20:15 -0500 3/26/05, Sean Donelan wrote:
effort. Why has SSH been so successful, and DNSSEC stumbled so badly?
Short answer to that question alone. (Believe me, I've considered it too.)SSH is an example of innovation that requires only the end points to cooperate - e.g., like TCP doing congestion control at the edges. In particular, the key exchange in SSH is simplistic...
DNSSEC is a change to the operations at the mythical core of the Internet. DNSSEC won't work until third parties are involved, i.e., the parents (et.al.) of the server are involved, not just the server and client. In particular, the key exchange in DNSSEC has been the sore spot.
Mythical core: in this case, the administration of the root zone, the TLDs, etc., not the routing/transit/peering core.
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Achieving total enlightenment has taught me that ignorance is bliss.
Current thread:
- Re: DNS cache poisoning attacks -- are they real?, (continued)
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Sean Donelan (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Sean Donelan (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Jeff Kell (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Joe Abley (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Sean Donelan (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Joe Abley (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Niels Bakker (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Edward Lewis (Mar 28)
- Re: DNS cache poisoning attacks -- are they real? Christopher L. Morrow (Mar 26)
- Re: DNS cache poisoning attacks -- are they real? Suresh Ramasubramanian (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Joe Maimon (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Randy Bush (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Christopher L. Morrow (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? John Payne (Mar 28)
- Re: DNS cache poisoning attacks -- are they real? Randy Bush (Mar 28)
- Re: DNS cache poisoning attacks -- are they real? John Payne (Mar 28)
- Re: DNS cache poisoning attacks -- are they real? Simon Waters (Mar 29)
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 29)