[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] Re: weakness in the DNS protocol
________________________________________ From: Dave Crocker [dcrocker@bbiw.net] Sent: Wednesday, July 09, 2008 7:43 PM To: David Farber Cc: ip; Steven M. Bellovin Subject: Re: [IP] Re: weakness in the DNS protocol David Farber wrote: > From: Steven M. Bellovin [smb@cs.columbia.edu] ... > As ISC notes, DNSSEC is really the path we need to follow. Work on DNSSec began almost 15 years ago, as a consequence of DNS vulnerabilities being identified. (I was the cognizant IETF Area Director who initiated it.) Yet we have virtually no adoption of DNSSec and no real plan for its adoption, including signing the root or, ummm, routing around the DNSSec model's need for signing the root. Discussion about progress? Sure. Actually progress, no? Most exchanges, like those that have just taken place on the IP list, simply end by saying that DNSSec is the answer. Unfortunately, that utterance does not solve the problem. We really do need to hear something that is more concrete, more pragmatic, and more promising. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net -------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC