Re: [ga] Progress of DNSSEC?: Can .gov trust .com?

[Matthew Pemble <matthew@xxxxxxxxxx>]

Folks,

On 9 June 2010 16:31, Hugh Dierker <hdierker2204@xxxxxxxxx> wrote:

> Matthew,
>
> I would like to know: Do you think this DNSSEC process is being advanced in
> good faith?
>


I'm not sure. I certainly don't think that the NIST guidelines are evidence
or even indication of bad faith.  There are clearly issues with DNSSEC and
alternatives (ie DNSCurve.)

I'd don't accept Jeff's argument that the UMich paper (and it was the proper
publication at eecs.umich.edu I had linked to) has direct relevance for
DNSSEC implementations. As a security specialist, rather than a domain one,
I'd ask people to remember that digitally signing data has transaction costs
- and the longer the key length, the greater those costs.  I'd rather have a
slightly less secure DNS than a slightly less working one ...


Do you think that the parties are trying to advance something beneficial to
> the Internet or their own agendas??  (I am aware there is no black and white
> - but weighing the two?)
>

I don't think NIST have a agenda here - I would suggest that they are being
beneficial. Equally, I'm fairly sure that the University of Michigan don't
have any DNS specific one beyond the usual academic more research money,
more fame ones.

I'll hazard as far as I 'know' Jeff does have an agenda (he doesn't attempt
to hide it) but I think he is honestly just reading a little too much in to
a paper outside his specialist area.

Matthew


-- 
Matthew Pemble
Technical Director, Idrach Ltd

Mobile: +44 (0) 7595 652175
Office: + 44 (0) 1324 820690