Re: [ga] Progress of DNSSEC?: Can .gov trust .com?

[Hugh Dierker <hdierker2204@xxxxxxxxx>]

Thank you Matthew,
Without retreading man is "basically evil or good" I find your analysis short 
and sweet, and well reasoned. Certainly everyone must make a living. Who pays 
is only of note but should not be a basis point of contention unless clearly 
shown otherwise.  I, like you, am a leaner in the direction of access to 
information over security.  I find the more open and accessible the less likely 
for mischief and hidden agendas. Agendas again are dandy as long as hypocrisy 
and self dealing is minimized by the light of day.
It would appear to me that as pollywog netizens we have a duty in this DNSSEC 
matter to keep the information flowing and to always question authority.  We 
may not need more security but we definitely need updated and competitive 
security. We must be vigilante to assure our technoarchs are debating pros and 
cons and that all voices and concerns are heard. To date - i am pleased with 
public disclosure and good faith.

--- On Wed, 6/9/10, Matthew Pemble <matthew@xxxxxxxxxx> wrote:

From: Matthew Pemble <matthew@xxxxxxxxxx>
Subject: Re: [ga] Progress of DNSSEC?: Can .gov trust .com?
To: ga@xxxxxxxxxxxxxx
Cc: "Hugh Dierker" <hdierker2204@xxxxxxxxx>
Date: Wednesday, June 9, 2010, 9:15 AM

Folks,

On 9 June 2010 16:31, Hugh Dierker <hdierker2204@xxxxxxxxx> wrote:


Matthew, 
 
I would like to know: Do you think this DNSSEC process is being advanced in 
good faith?

I'm not sure. I certainly don't think that the NIST guidelines are evidence or 
even indication of bad faith.  There are clearly issues with DNSSEC and 
alternatives (ie DNSCurve.)


I'd don't accept Jeff's argument that the UMich paper (and it was the proper 
publication at eecs.umich.edu I had linked to) has direct relevance for DNSSEC 
implementations. As a security specialist, rather than a domain one, I'd ask 
people to remember that digitally signing data has transaction costs - and the 
longer the key length, the greater those costs.  I'd rather have a slightly 
less secure DNS than a slightly less working one ...





Do you think that the parties are trying to advance something beneficial to the 
Internet or their own agendas??  (I am aware there is no black and white - but 
weighing the two?)


I don't think NIST have a agenda here - I would suggest that they are being 
beneficial. Equally, I'm fairly sure that the University of Michigan don't have 
any DNS specific one beyond the usual academic more research money, more fame 
ones.


I'll hazard as far as I 'know' Jeff does have an agenda (he doesn't attempt to 
hide it) but I think he is honestly just reading a little too much in to a 
paper outside his specialist area.

Matthew


 -- 
Matthew Pemble
Technical Director, Idrach Ltd

Mobile: +44 (0) 7595 652175
Office: + 44 (0) 1324 820690