IETF Logo Mail Archive

Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?

Eric Rescorla <ekr@networkresonance.com> Wed, 13 August 2008 16:18 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 867113A69C3; Wed, 13 Aug 2008 09:18:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.557
X-Spam-Level:
X-Spam-Status: No, score=-0.557 tagged_above=-999 required=5 tests=[AWL=-0.062, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SYqVRB30M0Y9; Wed, 13 Aug 2008 09:18:17 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id B2F013A6970; Wed, 13 Aug 2008 09:18:17 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KTIxX-000IK7-6k for namedroppers-data@psg.com; Wed, 13 Aug 2008 16:12:27 +0000
Received: from [74.95.2.173] (helo=romeo.rtfm.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ekr@networkresonance.com>) id 1KTIxS-000IJQ-T0 for namedroppers@ops.ietf.org; Wed, 13 Aug 2008 16:12:25 +0000
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 9AA7250846; Wed, 13 Aug 2008 09:23:04 -0700 (PDT)
Date: Wed, 13 Aug 2008 09:23:04 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Ray.Bellis@nominet.org.uk
Cc: Namedroppers WG <namedroppers@ops.ietf.org>
Subject: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
In-Reply-To: <OF6BFCDCCD.B3B7FD05-ON802574A4.004C3FB5-802574A4.004C6A52@nominet.org.uk>
References: <B5457C05-D2EA-4A31-94AB-84807AC62843@virtualized.org> <Pine.LNX.4.44.0808121535120.3680-100000@citation2.av8.net> <OF6BFCDCCD.B3B7FD05-ON802574A4.004C3FB5-802574A4.004C6A52@nominet.org.uk>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20080813162304.9AA7250846@romeo.rtfm.com>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

At Wed, 13 Aug 2008 14:54:39 +0100,
Ray.Bellis@nominet.org.uk wrote:
> 
> > But it is not the case that your bank information can be stolen by this
> > DNS attack, as Kaminsky seems to have told the mainstream press.
> 
> Unless your bank used a weak cert generated on a Debian system...

... And you haven't installed one of the weak key blacklists.


-Ekr

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.23.0 | Report a Bug | By Email