IETF Logo Mail Archive

Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?

Edward Lewis <Ed.Lewis@neustar.biz> Tue, 12 August 2008 16:46 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8DA803A69D1; Tue, 12 Aug 2008 09:46:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.305
X-Spam-Level:
X-Spam-Status: No, score=0.305 tagged_above=-999 required=5 tests=[AWL=0.800, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fov2fjDT0OIa; Tue, 12 Aug 2008 09:46:19 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 81EB33A68F5; Tue, 12 Aug 2008 09:46:19 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KSwuz-000KFg-EK for namedroppers-data@psg.com; Tue, 12 Aug 2008 16:40:21 +0000
Received: from [66.92.146.20] (helo=stora.ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <Ed.Lewis@neustar.biz>) id 1KSwuu-000KFA-D8 for namedroppers@ops.ietf.org; Tue, 12 Aug 2008 16:40:19 +0000
Received: from [192.168.7.242] (mail.md.ogud.com [10.20.30.6]) by stora.ogud.com (8.14.2/8.14.2) with ESMTP id m7CGeCrv086753; Tue, 12 Aug 2008 12:40:13 -0400 (EDT) (envelope-from Ed.Lewis@neustar.biz)
Mime-Version: 1.0
Message-Id: <a06240800c4c76ac5cf38@[0.0.0.0]>
In-Reply-To: <200808110118.m7B1If7Z052960@drugs.dv.isc.org>
References: <200808110118.m7B1If7Z052960@drugs.dv.isc.org>
Date: Tue, 12 Aug 2008 09:40:07 -0700
To: namedroppers@ops.ietf.org
From: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
Cc: ed.lewis@neustar.biz
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.64 on 10.20.30.4
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

At 11:18 +1000 8/11/08, Mark Andrews wrote:

>	DNS security is required for SMTP security to work.

That is why the SIKED (Secure Internet KEy Distribution) BoF failed, 53rd IETF.

If SMTP security works because DNS security works, then a DNS 
security failure means SMTP security fails too.  A house of cards. 
This is what is feared.

(see also http://www.potaroo.net/ietf/idref/draft-lewis-siked-dnsargs/)

Thanks to Geoff Huston for maintaining that repository.  Although I'd 
call it "Pandora's Box" because of all of the bad ideas documented in 
there that never mad it to RFC. ;)
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Never confuse activity with progress.  Activity pays more.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.23.0 | Report a Bug | By Email