Re: [DNSOP] AS112 for TLDs

"Joe Baptista" <baptista@publicroot.org> Sun, 06 April 2008 13:33 UTC

Message-ID: <874c02a20804060633o72232c3dua2ea0afb3302416c@mail.gmail.com>
Date: Sun, 06 Apr 2008 09:33:32 -0400
From: Joe Baptista <baptista@publicroot.org>
To: Florian Weimer <fw@deneb.enyo.de>
In-Reply-To: <87bq4nxgxv.fsf@mid.deneb.enyo.de>
References: <200804032205.m33M5P0W050872@drugs.dv.isc.org> <87ve2vxifd.fsf@mid.deneb.enyo.de> <874c02a20804060605q75cd0db1h696b0772fc6f2ec@mail.gmail.com> <87bq4nxgxv.fsf@mid.deneb.enyo.de>
Cc: dnsop@ietf.org, Mark Andrews <Mark_Andrews@isc.org>, Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: [DNSOP] AS112 for TLDs

On Sun, Apr 6, 2008 at 9:15 AM, Florian Weimer <fw@deneb.enyo.de> wrote:

> It means that everybody who can make a BGP announcement can legitimately
> hijack DNS traffic to those TLDs.  Is this really what we want?
>


That's an AS112 security issue.  Are they to be trusted?  Maybe?  Maybe not.
AS112 can be easily replicated to operate on any DNS servers including local
roots.  So that issue can be put to rest.

Like I said before - it makes a great trash can.  Now should you trust the
communal trash can?  Those who don't can run their own AS112, and those who
do can point to AS112.

What we want and need is stability and worldwide resolvability.  What we're
getting is a revolution.

regards
joe baptista