nanog mailing list archives
Re: DNS Hijacking by Cox
From: David Conrad <drc () virtualized org>
Date: Mon, 23 Jul 2007 09:16:14 -0500
Steve, On Jul 22, 2007, at 10:06 PM, Steven M. Bellovin wrote:
I'm assuming fairly universal deployment.
...
The net, though, under my assumptions, is that ISP-supplied user configurationswill likely have the user's machine trust them, but sophisticated userswill be able to override that -- and DNSSEC is very much something for sophisticated users.
On the authoritative side, what do you see as the financial incentive to reach "fairly universal deployment"?
On the caching side, people can run their own validating caching servers or they can rely on their ISP. Why do you think there will be a radical shift in the way the vast majority of Internet users get DNS services, that is, every grandmother running a validating caching server on her grandson-managed PC? If you don't believe there will be such a change, then DNSSEC doesn't help you since the end users are trusting the operator of the validating caching server and that operator is the one (in the case that triggered this thread) that mucked with the data.
Rgds, -drc
Current thread:
- Re: DNS Hijacking by Cox, (continued)
- Re: DNS Hijacking by Cox Sean Donelan (Jul 23)
- Re: DNS Hijacking by Cox James Hess (Jul 23)
- Re: DNS Hijacking by Cox Perry Lorier (Jul 23)
- Re: DNS Hijacking by Cox Mattias Ahnberg (Jul 24)
- Re: DNS Hijacking by Cox Peter Dambier (Jul 24)
- Re: DNS Hijacking by Cox Mattias Ahnberg (Jul 25)
- Re: DNS Hijacking by Cox Peter Dambier (Jul 25)
- Re: DNS Hijacking by Cox Chris L. Morrow (Jul 24)
- Re: DNS Hijacking by Cox Brandon Galbraith (Jul 24)
- Re: DNS Hijacking by Cox Chris Adams (Jul 23)
- Re: DNS Hijacking by Cox David Conrad (Jul 23)
- Re: DNS Hijacking by Cox Chris L. Morrow (Jul 22)