Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: weakness in the DNS protocol

From: David Farber <dave () farber net>
Date: Thu, 10 Jul 2008 01:49:15 -0700

________________________________________
From: Erik Huizer [huizer () cs uu nl]
Sent: Thursday, July 10, 2008 4:30 AM
To: David Farber
Subject: Re: [IP] Re:     weakness in the DNS protocol

Dave,

While I mostly agree with your assesment I'd like to point out that
something is moving in the DNSSEC area. PIR, the registry running .ORG
has initiated deployment of DNSSEC. In April it submitted a plan for
DNSSEC deployment to ICANN, which was ok-ed at the last ICANN meeting.

The PIR board decided we did not want to wait any longer for a signed
root and that we need to move forward, carefully, to get field
deployment experience at the least.

Gr.
Erik Huizer
a PIR Board member


==================
prof. dr. Erik Huizer
Internet Applications
Institute of Information and Computing Sciences
University Utrecht
The Netherlands
==================



David Farber wrote:

________________________________________
From: Dave Crocker [dcrocker () bbiw net]
Sent: Wednesday, July 09, 2008 7:43 PM
To: David Farber
Cc: ip; Steven M. Bellovin
Subject: Re: [IP] Re:   weakness in the DNS protocol

David Farber wrote:

From: Steven M. Bellovin [smb () cs columbia edu]

...

As ISC notes, DNSSEC is really the path we need to follow.



Work on DNSSec began almost 15 years ago, as a consequence of DNS
vulnerabilities being identified.  (I was the cognizant IETF Area Director who
initiated it.)

Yet we have virtually no adoption of DNSSec and no real plan for its adoption,
including signing the root or, ummm, routing around the DNSSec model's need for
signing the root.  Discussion about progress?  Sure.  Actually progress, no?

Most exchanges, like those that have just taken place on the IP list, simply end
by saying that DNSSec is the answer.  Unfortunately, that utterance does not
solve the problem.

We really do need to hear something that is more concrete, more pragmatic, and
more promising.

d/
--

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

--




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: