ICANN/GNSO GNSO Email List Archives

[ga]

<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] This will please Joe

  • To: "JFC Morfin" <jefsey@xxxxxxxxxxxxxxxx>
  • Subject: Re: [ga] This will please Joe
  • From: "Joe Baptista" <baptista@xxxxxxxxxxxxxx>
  • Date: Thu, 28 Aug 2008 23:42:07 -0400
I already know about this.  Its being discussed on DNSOPS at the IETF.  Some
people are organizing a protest letter to the U.S. government department
involved expressing their opposition and technical concerns.

Frankly you may be surprised that I am in support of this experiment.
DNSSEC is not well tested, and I feel forcing a bunch of civil servants to
deploy DNSSEC is a wonderful idea.  I look forward to the fallout.

cheers
joe baptista

On Thu, Aug 28, 2008 at 10:20 PM, JFC Morfin <jefsey@xxxxxxxxxxxxxxxx>wrote:

>
> <
> http://www.heise-online.co.uk/security/The-US-to-implement-DNSSEC-in-all-federal-offices--/news/111417
> >
>
> The US government has called on all federal offices to take measures to
> prepare their domains for DNSSEC. Starting in January 2009, the US
> government will use DNSSEC for all .gov top level domains Second level
> domains for federal offices will follow. The move is the US government's
> reaction to the increasing threat of cache poisoning attacks on name
> servers, which make it possible to redirect even .gov addresses to servers
> controlled by criminals.
>
> With the DNSSEC extension, all responses to a name server are signed,
> allowing the recipient to verify via public key infrastructure (PKI) whether
> they are authentic responses derived from the responsible name server.
> International implementation of DNSSEC has so far been hampered by
> disagreements over who would control the PKI.
>
> While the implementation schedule for DNSSEC appears to be rather generous,
> federal offices tend to move rather slowly. Government offices are scheduled
> to have their initial plans for the implementation ready by early September.
> By December 2009 DNSSEC is supposed to be established for all second level
> domains under .gov.
>
>


-- 
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
<<< Chronological Index >>>    <<< Thread Index >>>