RE: How do we get the whole world to upgrade to DNSSEC capable resolvers?

Alex Bligh <alex@alex.org.uk> Tue, 29 July 2008 14:55 UTC

--On 29 July 2008 16:18:09 +0200 "Jesper G. Høy" <jesper@jhsoft.com> wrote:

> Some will probably argue that this doesn't help against
> on-the-wire attacks. But if the bad guy is on-the-wire, then he can
> replace any data at will anyway. DNSSEC is no help here.

DNSSEC does indeed guard against on-the-wire attacks. What sort of attack
are you thinking of that it cannot guard against?

Alex
