<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] DNSSEC Root Servers' Switchover Now Complete
- To: ga@xxxxxxxxxxxxxx, stephen@xxxxxxxx, imatx26@xxxxxxxxxxxxxx, ssene@xxxxxxxxxxxx, icann-board@xxxxxxxxx, rod_beckstrom@xxxxxxxxx, SenateWebmail@xxxxxxxxxxxxxxxxx
- Subject: [ga] DNSSEC Root Servers' Switchover Now Complete
- From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
- Date: Fri, 7 May 2010 15:05:38 -0500 (GMT-05:00)
All,
I agree in spirit with Stephen's comments below. Certainly we
need to be harsh on those perpatrating these malicious acts,
but just as important we also need to take action against
service providers such as ISP's, hosting providers and registrars
for not taking proper available precautions when hosting
and/or providing access to domain name holders, as well
as those errant domain name holders themselves.
Further I agree that DNScurve would have been a better
approach to DNSSEC, but seemingly the IETF was cool to
DNScurve, and so the legacy roots have the compermise
DNSSEC, such as it is and as it has been implemented...
Be careful of those look-aside servers!
Well done Stephen! Keep up the good works!
As an FYI, see:
(May 6, 2010)
As of Wednesday, May 5, all 13 of the authoritative root servers for the
domain name system are running the DNS Security Extensions (DNSSEC)
protocol. The protocol is designed to help prevent cache poisoning and
other DNS attacks.
http://www.h-online.com/security/news/item/DNSSEC-on-all-root-servers-994744.html
[Editor's Note (Northcutt): This is good news. We are a bit late to this
party, and I wonder how much of the chain we will be able to apply the
DNS security extensions to before practical measures to defeat them are
available. Maybe I am tired and cranky, but I think we may have to start
increasing the penalties for these types of crimes, something like two
strikes and you are out, and try to get deterrence to be a force in the
equation. Technology doesn't seem to cut it. Here is a purely
theoretical paper outlining potential attacks against DNSSEC:
http://www.isoc.org/isoc/conferences/ndss/10/pdf/17.pdf ]
Regards,
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 294k members/stakeholders and growing,
strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx
Phone: 214-244-4827
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|