Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?

Mark Andrews <Mark_Andrews@isc.org> Mon, 11 August 2008 17:55 UTC

Message-Id: <200808110118.m7B1If7Z052960@drugs.dv.isc.org>
To: namedroppers@ops.ietf.org
From: Mark Andrews <Mark_Andrews@isc.org>
Subject: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
In-reply-to: Your message of "Sun, 10 Aug 2008 20:02:06 +0200." <021101c8fb13$34634310$9d29c930$@com>
Date: Mon, 11 Aug 2008 11:18:41 +1000

> OK - but MX-records point to host names which point to A/AAAA records which
> point to IP addresses...
> If the bad guy is on the wire, he can intercept and replace your SMTP
> traffic anyway. 
> DNSSEC or not.
> 
> SRV-records also point to host names which...

	DNS security is required for SMTP security to work.  How
	else do you securely work out who you are supposed to be
	communicating with?

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
