[ga] A solution to DNS insecurity
A solution to DNS insecurity exists. It's ready to go out of the box. See attached PDF file and the website www.dnscurve.org for more info.

Paul Vixie made the following comment on namedroppers.

"however, if we're going to reconsider "how to secure dns" and are therefore willing to throw away the last 13 or so years of work and ditch the products and vendors in this nascent industry, then i'd like it if masataka ohta's proposal was also considered".

http://www.ops.ietf.org/lists/namedroppers/namedroppers.2008/msg01631.html

My response to Paul is as follows. Masataka's proposal requires development time. DNSCurve works out of the box. So in short, yes Paul, it is time to take 13 years of failure and trash it.

DNSSEC has only one fundamental purpose. To put complete control of the Internet in the hands of 13 root operators. DNSSEC begs the question be answered - DO WE TRUST THESE 13 ORGANIZATIONS? I don't - nor do the users at large when they take the time to investigate the 13 Mouseketeers. It's also a lot of work for the industry to convert over. In short, for all of the above reasons - and many more - it simply does not scale.

Now DNSCurve is worth the effort to set up a test lab at the public root. A very logical choice for increased user security. If it passes mustard then I will implement it.

cheers
joe baptista

--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative & Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084

Attachment:
DNSCurve-presentation-guide-slides-1.pdf