Re: [DNSOP] Should root-servers.net be signed

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Mon, 08 March 2010 04:35 UTC

Return-Path: <mohta@necom830.hpcl.titech.ac.jp>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 93A513A68D5 for <dnsop@core3.amsl.com>; Sun, 7 Mar 2010 20:35:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.09
X-Spam-Level:
X-Spam-Status: No, score=-0.09 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7rJPmbeG9W+G for <dnsop@core3.amsl.com>; Sun, 7 Mar 2010 20:35:00 -0800 (PST)
Received: from necom830.hpcl.titech.ac.jp (necom830.hpcl.titech.ac.jp [131.112.32.132]) by core3.amsl.com (Postfix) with SMTP id DB9053A68C4 for <dnsop@ietf.org>; Sun, 7 Mar 2010 20:34:59 -0800 (PST)
Received: (qmail 57893 invoked from network); 8 Mar 2010 05:41:02 -0000
Received: from bmdk2215.bmobile.ne.jp (HELO necom830.hpcl.titech.ac.jp) (203.180.16.215) by necom830.hpcl.titech.ac.jp with SMTP; 8 Mar 2010 05:41:02 -0000
Message-ID: <4B947E45.2090803@necom830.hpcl.titech.ac.jp>
Date: Mon, 08 Mar 2010 13:34:13 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: ja, en
MIME-Version: 1.0
To: Mark Andrews <marka@isc.org>
References: <2AA0F45200E147D1ADC86A4B373C3D46@localhost> <A76BB63E-F13B-4D90-BABB-89EB06C8E5F0@rfc1035.com> <4B93A046.4020209@necom830.hpcl.titech.ac.jp> <B98D66FF-E4EB-47BE-8302-D4C6D3E70238@icsi.berkeley.edu> <4B93F864.9090003@necom830.hpcl.titech.ac.jp> <7FDA3487-44F4-495F-94AC-1A18AC090DFB@nzrs.net.nz> <4B946242.7020407@necom830.hpcl.titech.ac.jp> <201003080250.o282omhw051442@drugs.dv.isc.org>
In-Reply-To: <201003080250.o282omhw051442@drugs.dv.isc.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: dnsop WG <dnsop@ietf.org>, Jay Daley <jay@nzrs.net.nz>, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Subject: Re: [DNSOP] Should root-servers.net be signed
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2010 04:35:01 -0000

Mark Andrews wrote:

> There is plenty of evidence for ISPs modifying DNS responses to
> queries directed to their recursive servers without notifying the
> client population before doing so.

> There are also reports of ISPs modifying DNS responses not directed
> to their recursive servers.  If you wish to include hotels in the
> ISP category (which they are for the duration of your stay at the hotel)
> then there is ample evidence of this happening.

Are you saying the ISPs and the hotel are phishing their customers?

Or, are you just saying DNSSEC can not be used by customers of the
ISPs and the hotel?

> So yes I don't trust ISPs.

For doing (or not doing) what?

I don't think ilegally behaving ISPs can continue thier business.

						Masataka Ohta