Re: [DNSOP] Should root-servers.net be signed

Ted Lemon <Ted.Lemon@nominum.com> Fri, 19 March 2010 16:41 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 454E83A69DD for <dnsop@core3.amsl.com>; Fri, 19 Mar 2010 09:41:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.469
X-Spam-Level:
X-Spam-Status: No, score=-5.469 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wYrEHAKEO9Zc for <dnsop@core3.amsl.com>; Fri, 19 Mar 2010 09:41:47 -0700 (PDT)
Received: from exprod7og106.obsmtp.com (exprod7og106.obsmtp.com [64.18.2.165]) by core3.amsl.com (Postfix) with ESMTP id 6601F3A6A7E for <dnsop@ietf.org>; Fri, 19 Mar 2010 09:41:40 -0700 (PDT)
Received: from source ([64.89.228.229]) (using TLSv1) by exprod7ob106.postini.com ([64.18.6.12]) with SMTP ID DSNKS6OpTpONgINz76pR8vX+SJGFCWoFNoge@postini.com; Fri, 19 Mar 2010 09:41:54 PDT
Received: from webmail.nominum.com (webmail.nominum.com [64.89.228.50]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client CN "webmail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 1F8571B81F8; Fri, 19 Mar 2010 09:41:46 -0700 (PDT)
Received: from [10.1.10.14] (173.162.214.218) by exchange-01.win.nominum.com (64.89.228.50) with Microsoft SMTP Server (TLS) id 8.1.393.1; Fri, 19 Mar 2010 09:41:45 -0700
MIME-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Ted Lemon <Ted.Lemon@nominum.com>
In-Reply-To: <68584293-648A-4F4E-8731-785E8F4D38B7@ICSI.Berkeley.EDU>
Date: Fri, 19 Mar 2010 12:41:43 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <FD7E1CD6-E5D2-4A6B-9990-3CE2335E2BA8@nominum.com>
References: <2AA0F45200E147D1ADC86A4B373C3D46@localhost><0E169711-92DC-4AEA-AA81-718F298D1645@hopcount.ca><alpine.LSU.2.00.1003081614480.1897@hermes-2.csi.cam.ac.uk><A2D7C5EE-9937-4529-A28F-23296485A8B2@hopcount.ca><43FC3F50679F458A869F99D72ECD1237@localhost><20100309151726.GC5108@dul1mcmlarson-l1-2.local> <6C56581E-D4F4-4A49-A3B4-CB7F1CF42E29@icsi.berkeley.edu> <183BEF785A9844F186558A87848A6698@localhost> <061F30F4-E0EE-40E6-A54D-246D9E9A9D77@ICSI.Berkeley.EDU> <6D6F580F8CFB4DB5AB32566FB608088D@localhost> <57BC5F21-B1EE-4D06-BB1B-3DC8582D0D87@ICSI.Berkeley.EDU> <03CF4A3B5B374C4C858DEEB2D66C0702@localhost> <AA116C2A-CCFC-4177-A43A-B3AA066B3C3C@ICSI.Berkeley.EDU> <7F872C0CAA544F9480BF49438AAFA3BF@localhost> <68584293-648A-4F4E-8731-785E8F4D38B7@ICSI.Berkeley.EDU>
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
X-Mailer: Apple Mail (2.1077)
Cc: George Barwood <george.barwood@blueyonder.co.uk>, "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Should root-servers.net be signed
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2010 16:41:48 -0000

On Mar 19, 2010, at 12:20 PM, Nicholas Weaver wrote:
> HAHAHA.  Not bloodly likely IMO: a lot of the "open resolvers" are broken end-user NATS and similar.  Those will only be updated sometime around when hell freezes over.

Stuff gets updated when its brokenness becomes obvious to the person who owns it.   So revealing its brokenness is a mitzvah.