nanog mailing list archives
Re: Verisign brain damage and DNSSec.....Was:Re: What *are* they smoking?
From: Valdis.Kletnieks () vt edu
Date: Tue, 16 Sep 2003 15:06:44 -0400
On Tue, 16 Sep 2003 11:27:08 PDT, bmanning () karoshi com said:
> if vt.edu wants to place a: * in a 198.82.247.53 in the vt.edu zone, why should anyone complain that now vt.edu doesn't return NXDOMAIN for all un-delegated entries? You want that everyone should hack the DNS to force NXDOMAINS for your wildcard? Feh.
So you're saying it's OK when Verisign does the same exact thing one level up? Or are you surprised that people are coding it for the Verisign case? The difference is when we urinate in our zone of the DNS, it's OUR zone. When Verisign does it, they're not urinating in *THEIR* .COM, they're urinating in a .COM they were holding in the public trust. If in fact .COM is now Verisign's playground rather than a public trust, then that's a different matter.
> DNSSEC will tell a validating resolver the signature of each party that signed part of the chain. If Verisign wishes to sign bits of data that might exist under the delegation point they have responsibility for, I'm in favor. It's not "make-believe" ... or perhaps I don't understand your angst.
The point is they're not signing data that might exist, they're signing data that doesn't exist. If a query comes in for www.never-existed.com, what exactly is getting signed? (Yes, if it's a synthesized reply based on a wildcard, you can count the NXT's and stuff to determine that - but I quite frankly don't trust the Verisign people to not intentionally obfuscate the replies to make this impossible.....)
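
An added example (not part of the original post): how a resolver can tell a wildcard-synthesized answer from a signed name that really exists, using the Labels field of the covering signature (RFC 4034 section 3.1.3) rather than counting NXT records. The function names and the sample answers are constructed for illustration; a full validator would also verify the signature itself and the accompanying denial-of-existence proof.

```python
def split_labels(name):
    """Labels of a presentation-format name, root label excluded."""
    name = name.rstrip(".")
    return name.split(".") if name else []


def signed_label_count(name):
    """Label count as the signer computes it: root and a leading '*' are not counted."""
    labels = split_labels(name)
    if labels and labels[0] == "*":
        labels = labels[1:]
    return len(labels)


def wildcard_source(owner, sig_labels):
    """Return the wildcard name an answer was expanded from, or None if the
    signature was made over the owner name itself.

    owner      -- owner name of the answer RRset as returned to the resolver
    sig_labels -- Labels field of the signature covering that RRset
    """
    labels = split_labels(owner)
    count = signed_label_count(owner)
    if sig_labels > count:
        # A signature cannot cover more labels than the owner name has.
        raise ValueError("Labels field exceeds owner name: treat answer as bogus")
    if sig_labels == count:
        return None  # signed under its own name, not synthesized
    # Fewer labels signed than present: the rightmost sig_labels labels are
    # the parent of the wildcard record that produced this answer.
    return ".".join(["*"] + labels[len(labels) - sig_labels:]) + "."


def classify(answers):
    """Map each (owner, sig_labels) pair to 'exists' or its wildcard source."""
    return {owner: wildcard_source(owner, n) or "exists" for owner, n in answers}


# Constructed sample answers: (owner name, Labels field of covering signature)
SAMPLE = [
    ("www.never-existed.com.", 1),  # expanded from a wildcard at the TLD
    ("www.example.com.", 3),        # signed under its own three labels
    ("host.dept.vt.edu.", 2),       # expanded from a wildcard in vt.edu
    ("*.com.", 1),                  # direct query for the wildcard name itself
]

if __name__ == "__main__":
    for owner, verdict in classify(SAMPLE).items():
        print(f"{owner:28} {verdict}")
```
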