nanog mailing list archives
Re: What DNS Is Not
From: David Conrad <drc () virtualized org>
Date: Thu, 26 Nov 2009 07:42:15 -0800
On Nov 25, 2009, at 8:16 PM, Paul Vixie wrote:
we have to fix DNS so that provider-in-the-middle attacks no longer work. (this is why in spite of its technical excellence i am not a DNSCURVE fan, and also why in spite of its technical suckitude i'm working on DNSSEC.)
As you know, as long as people rely on their ISPs for resolution services, DNSSEC isn't going to help. Where things get really offensive if when the ISPs _require_ customers (through port 53 blocking, T-Mobile Hotspot, I'm looking at you) to use the ISP's resolution services. Regards, -drc
Current thread:
- Re: What DNS Is Not, (continued)
- Re: What DNS Is Not Dan White (Nov 26)
- Re: What DNS Is Not Valdis . Kletnieks (Nov 26)
- Re: What DNS Is Not Dobbins, Roland (Nov 26)
- Re: What DNS Is Not Eric Brunner-Williams (Nov 26)
- Re: What DNS Is Not David Conrad (Nov 26)
- Re: What DNS Is Not bmanning (Nov 25)
- Re: What DNS Is Not Jorge Amodio (Nov 25)
- Re: What DNS Is Not Mark Andrews (Nov 25)
- Re: What DNS Is Not Michael Peddemors (Nov 25)
- Re: What DNS Is Not Paul Vixie (Nov 25)
- Re: What DNS Is Not David Conrad (Nov 26)
- Re: What DNS Is Not Paul Vixie (Nov 26)
- Re: What DNS Is Not David Conrad (Nov 26)
- Re: What DNS Is Not Paul Vixie (Nov 26)
- Re: What DNS Is Not Florian Weimer (Nov 26)
- Re: What DNS Is Not James Hess (Nov 26)
- Re: What DNS Is Not Valdis . Kletnieks (Nov 27)
- Re: What DNS Is Not Eduardo A. Suárez (Nov 19)