IETF Logo Mail Archive

Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?

Duane at e164 dot org <duane@e164.org> Wed, 13 August 2008 17:33 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B53023A6990; Wed, 13 Aug 2008 10:33:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.468
X-Spam-Level:
X-Spam-Status: No, score=-0.468 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n1+1sY30UrRu; Wed, 13 Aug 2008 10:33:52 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id D1C9828C129; Wed, 13 Aug 2008 10:33:51 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KTK8o-000PrR-7E for namedroppers-data@psg.com; Wed, 13 Aug 2008 17:28:10 +0000
Received: from [208.82.100.153] (helo=mail.aus-biz.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <duane@e164.org>) id 1KTK8k-000Pqg-BI for namedroppers@ops.ietf.org; Wed, 13 Aug 2008 17:28:08 +0000
Received: from [192.168.100.244] (dsl-48-19.qld1.net.au [125.168.48.19]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.aus-biz.com (Postfix) with ESMTPSA id 416921F402D; Thu, 14 Aug 2008 03:28:05 +1000 (EST)
Message-ID: <48A319A0.20209@e164.org>
Date: Thu, 14 Aug 2008 03:28:00 +1000
From: Duane at e164 dot org <duane@e164.org>
User-Agent: Thunderbird 2.0.0.16 (X11/20080724)
MIME-Version: 1.0
To: Ray.Bellis@nominet.org.uk, Namedroppers <namedroppers@ops.ietf.org>
Subject: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
References: <B5457C05-D2EA-4A31-94AB-84807AC62843@virtualized.org> <Pine.LNX.4.44.0808121535120.3680-100000@citation2.av8.net> <OF6BFCDCCD.B3B7FD05-ON802574A4.004C3FB5-802574A4.004C6A52@nominet.org.uk>
In-Reply-To: <OF6BFCDCCD.B3B7FD05-ON802574A4.004C3FB5-802574A4.004C6A52@nominet.org.uk>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Ray.Bellis@nominet.org.uk wrote:
>> But it is not the case that your bank information can be stolen by this
>> DNS attack, as Kaminsky seems to have told the mainstream press.
> 
> Unless your bank used a weak cert generated on a Debian system...

US banks are notorious for not using https URIs for the initial form
where customers log in to web banking, someone was doing up a name and
shame list on banks a while back over this.

-- 

Best regards,
 Duane

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.23.0 | Report a Bug | By Email