Re: [ga] This will please Joe

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

Dr. Joe and all,

  You can be sure that there will be fallout a plenty!  Government
agencies, most importantly DHS in the US have shown time and time
again that implementing anything very technical has largely, but not
entirely, a odd collection of fiasco's.  All one has to do is look at
the
the "Terrorist, no fly list" by TSA, a DHS division.

  DNSSEC can be implemented safely, properly and fully with
very little effort, as well as maintained with relative ease, but again
only if implemented properly and fully.  From what can be decerned
and technically determined with ICANN's DNSSEC implementation,
is that it has not been thus far implemented fully, ergo security holes,

although fewer remain to Root servers, and such gives the public a
false sense of security.  That's irresponsible because such is
misleading.
But I am relitively sure that ICANN's SSAC will never outwardly
admit to that, as will not the ALAC accordingly.  Shame, shame!

Joe Baptista wrote:

> I already know about this.  Its being discussed on DNSOPS at the
> IETF.  Some people are organizing a protest letter to the U.S.
> government department involved expressing their opposition and
> technical concerns.
>
> Frankly you may be surprised that I am in support of this experiment.
> DNSSEC is not well tested, and I feel forcing a bunch of civil
> servants to deploy DNSSEC is a wonderful idea.  I look forward to the
> fallout.
>
> cheers
> joe baptista
>
> On Thu, Aug 28, 2008 at 10:20 PM, JFC Morfin <jefsey@xxxxxxxxxxxxxxxx>
> wrote:
>
>
>      
> <http://www.heise-online.co.uk/security/The-US-to-implement-DNSSEC-in-all-federal-offices--/news/111417>
>
>      The US government has called on all federal offices to take
>      measures to prepare their domains for DNSSEC. Starting in
>      January 2009, the US government will use DNSSEC for all .gov
>      top level domains Second level domains for federal offices
>      will follow. The move is the US government's reaction to the
>      increasing threat of cache poisoning attacks on name
>      servers, which make it possible to redirect even .gov
>      addresses to servers controlled by criminals.
>
>      With the DNSSEC extension, all responses to a name server
>      are signed, allowing the recipient to verify via public key
>      infrastructure (PKI) whether they are authentic responses
>      derived from the responsible name server. International
>      implementation of DNSSEC has so far been hampered by
>      disagreements over who would control the PKI.
>
>      While the implementation schedule for DNSSEC appears to be
>      rather generous, federal offices tend to move rather slowly.
>      Government offices are scheduled to have their initial plans
>      for the implementation ready by early September. By December
>      2009 DNSSEC is supposed to be established for all second
>      level domains under .gov.
>
>
>
>
>
> --
> Joe Baptista
> www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive,
> Representative & Accountable to the Internet community @large.
> ----------------------------------------------------------------
> Office: +1 (360) 526-6077 (extension 052)
> Fax: +1 (509) 479-0084
>
>
Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827