Re: Multiple DNS implementations vulnerable to cache poisoning

[Joao Damas <Joao_Damas () isc org>]

I would love to get input on that be it in Dublin or elsewhere, both  
sides: the authoritative server and the recursive validator. We have  
ideas and want to do this but I will not claim to be the owner of THE  
TRUTH, so input is much desired.

Joao

PS: I would also want a copy of, or a secure method to access, the  
public part of the keys you use to sign those ccTLDs so I can place  
them in ISC's DLV registry

On 10 Jul 2008, at 01:17, Randy Bush wrote:

> David Conrad wrote:
> > > > There are 4 ccTLDs (se, bg, pr, br) that are signed.
> > > wanna crawl in a corner in dublin and i can sign a few?
> > Love to.  We can also put your trust anchors in the prototype ITAR  
> > (see
> > the first part of
> > https://par.icann.org/files/paris/IANAReportKim_24Jun08.pdf).
>
> aside from just getting some cctlds signed, i will be interested in  
> the
> tools, usability, work flow, ...  i.e. what is it like for a poor
> innocent cctld which wants to sign their zone?
>
> randy