Re: [ga] the future .. DNS National Security and the ICANN clowns

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

<HEAD>
<STYLE>body{font-family: 
Geneva,Arial,Helvetica,sans-serif;font-size:10pt;font-family:arial,sans-serif;background-color:#ffffff;color:black;}p{margin:0px}</STYLE>

<META content="MSHTML 6.00.6000.16825" name=GENERATOR></HEAD>
<BODY id=compText>
<P>Dr. Joe and all,</P>
<P>&nbsp;</P>
<P>&nbsp; I agree that DNScurve would have been a better solution.&nbsp; 
However as you know the IETF</P>
<P>was and remains cool to DNScurve.&nbsp; My personal thoughts as to why very, 
but are mostly</P>
<P>occupied with the thought that the IETF is far less familier with DNScurve 
than DNSSEC.</P>
<P>Still if implimented fully and correctly DNSSEC "Can" do the job.&nbsp; 
However so far</P>
<P>the first attempt at DNSSEC along with weak Crypto standard SHA-2 ( 256 bit 
) has</P>
<P>proven as I an other predicted to be far too weak as even ( 1024 bit ) was 
broken</P>
<P>recently at the University of Michigan by some very sharp students and 
announced</P>
<P>about two months ago accordingly.&nbsp; Perhaps NIST will upgrade the SHA-2 
standard</P>
<P>to reflect the curent reality soon.&nbsp; I certainly hope 
so.<BR><BR><BR></P>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 0px; BORDER-LEFT: #0000ff 
2px solid">
<P>-----Original Message----- <BR>From: Joe Baptista 
<BAPTISTA@xxxxxxxxxxxxxx><BR>Sent: Apr 11, 2010 8:07 AM <BR>To: 
"ga@xxxxxxxxxxxxxx &gt;&gt; GA" <GA@xxxxxxxxxxxxxx><BR>Subject: [ga] the future 
.. DNS National Security and the ICANN clowns <BR><BR>The DNS is fracturing. 
It's been hijacked. Root server "I" in Beijing looks like it's still offline as 
ICANN remains silent on a national security issue - or should we call it a 
scandal? Washington is a buzz in DNS these days - no one knows whats going on 
and <SPAN class=fn>Beckstrom</SPAN> is busy answering questions.<BR><BR>When 
the Peoples Republic of China accidentally or intentionally hijacks the State 
of California expect some attention.<BR><BR>We need a better solution then 
ICANN. The world has become a very insecure place overnight. Now that this 
attack vector is known expect it to be exploited. DNSSEC will not save the day. 
It will simply provide another path to exploit.<BR><BR>DNScurve would have 
prevented this from happening. But the protocol that will be shoved in our face 
will be the DNSSEC make work project. DNScurve and DNSSEC can live together on 
the same box. Both will provide their own version of security. But as soon as 
DNScurve is adopted - expect DNSSEC to die a quick death.<BR><BR>regards<BR>joe 
baptista<BR></P>
<P>Regards,<BR><BR>Jeffrey A. Williams<BR>Spokesman for INEGroup LLA. - (Over 
294k members/stakeholders and growing, strong!)<BR>"Obedience of the law is the 
greatest freedom" -<BR>&nbsp;&nbsp; Abraham Lincoln<BR><BR>"Credit should go 
with the performance of duty and not with what is very<BR>often the accident of 
glory" - Theodore Roosevelt<BR><BR>"If the probability be called P; the injury, 
L; and the burden, B; liability<BR>depends upon whether B is less than L 
multiplied by<BR>P: i.e., whether B is less than PL."<BR>United States v. 
Carroll Towing&nbsp; (159 F.2d 169 [2d Cir. 
1947]<BR>===============================================================<BR>Updated
 1/26/04<BR>CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. 
div. of<BR>Information Network Eng.&nbsp; INEG. INC.<BR>ABA member in good 
standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx<BR>Phone: 
214-244-4827<BR></P></BLOCKQUOTE></BODY>