From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] Are we ready for DNSSEC ?
Date: Sat, 23 Jan 2010 19:42:52 -0500 [thread overview]
Message-ID: <eeae7618fa33fc4dd4519a70b4ed354f@ladd.quanstro.net> (raw)
In-Reply-To: <4f34febc1001231559s3ffb6037o2a193bf4689b961@mail.gmail.com>
> > By the end of May, all the root servers should be running DNSSEC
> >
> > http://royal.pingdom.com/2010/01/19/the-internet-is-about-to-get-a-lot-safer/
> >
> > Is Plan9 ready for such a move?
>
> Reading what D. J. Bernstein has to say about DNSSEC is always fun.
> See e.g. this paper http://cr.yp.to/talks/2009.08.10/slides.pdf about
> abusing DNSSEC to launch denial of service attacks. He has also
> proposed an alternative to DNSSEC, http://dnscurve.org/.
this isn't a technical discussion. regardless of the merits,
they're not implementing dnscurve on the root servers.
they're implementing dnssec.
so if you're interested in securing dns, say to prevent ssl
mitm attacks, i only see three choices
1. hold your nose. do dnssec.
2. put your head in the sand.
3. convince the world to use dnscurve.
- erik
next prev parent reply other threads:[~2010-01-24 0:42 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-20 13:26 maht
2010-01-20 13:42 ` erik quanstrom
2010-01-20 15:14 ` Patrick Kelly
2010-01-20 15:33 ` erik quanstrom
2010-01-20 16:39 ` Patrick Kelly
2010-01-20 16:49 ` erik quanstrom
2010-01-20 17:29 ` Patrick Kelly
2010-01-20 17:47 ` Russ Cox
2010-01-20 18:17 ` erik quanstrom
2010-01-20 20:11 ` Russ Cox
2010-01-20 19:13 ` Patrick Kelly
2010-01-23 23:59 ` John Barham
2010-01-24 0:42 ` erik quanstrom [this message]
2010-01-24 0:52 ` Russ Cox
2010-01-24 1:01 ` erik quanstrom
2010-01-24 1:11 ` Russ Cox
2010-01-24 1:18 ` erik quanstrom
2010-01-24 13:19 ` hiro
2010-01-24 14:57 ` erik quanstrom
2010-01-24 21:49 ` Russ Cox
2010-01-24 22:12 ` Tim Newsham
2010-01-24 22:20 ` erik quanstrom
2010-01-24 18:14 ` Tim Newsham
2010-01-25 20:45 ` Wes Kussmaul
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eeae7618fa33fc4dd4519a70b4ed354f@ladd.quanstro.net \
--to=quanstro@quanstro.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).