Re: [ga] IPETEE - forget DNSSEC
- To: "Joe Baptista" <baptista@xxxxxxxxxxxxxx>
- Subject: Re: [ga] IPETEE - forget DNSSEC
- From: JFC Morfin <jefsey@xxxxxxxxxxxxxxxx>
- Date: Mon, 14 Jul 2008 15:37:59 +0200
At 04:56 14/07/2008, Joe Baptista wrote:
On Sat, Jul 12, 2008 at 1:57 PM, JFC Morfin
<jefsey@xxxxxxxxxxxxxxxx> wrote:
At 11:48 12/07/2008, Peter Dambier wrote:
DNSSEC is the means to stop alternative roots. That is
probably the reason why everybody is made to want it.
could you please explain why?
It's to do with the start of authority key that signs all the other
keys. If that is signed then all the remainder are signed based on
the root DNSSEC key.
As far as I understand it only means that all the TLDs are protected
by a key delivered by a central key per root. If there are several
roots being supported there are different sets of keys: I see no
problem there.
One of the things I remember is how insecure it is from the point of
view of the discovery process. Because each record is in some
encrypted way related to the former in a sequential order - i.e.
alphabetical order. So TLD zones and domains who now protect their
network infrastructure by not allowing AXFR can now have that zone's
list of names discoverable if they implement DNSSEC.
Maybe they fixed that. Just visit the IETF and look through the
DNSSEC RFC. It's a lot like IPv6 - a technical nightmare waiting to
happen with many bugs and revisions.
It does not actually fix the problem with name server security - it
just patches it with an encrypted. The problem in name server
security was fixed back in 2002 by Dan Bernstein. We have all known
about it and we all also know that Bernstein is the author to the
solution of running a stable safe DNS. However what happened is the
fools at the IETF and the senior DNS operators gave him a hard time
on it and we have seen patches to DNS server software from all the
vendors that have completely ignored the problem from day one.
Bernstein solved the problem and is now credited for it.
Joe, what is necessary is to rewrite all the Internet documentation
as a maintained Open Norms Standard and Document reference book +
open source software approved by the @large community. Would you be
interested in working on it? What is the problem that Bernstein solved and how?
jfc