This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] What about the last mile, was: getting DNSSEC deployed

Previous message (by thread): [dns-wg] Announcement DNS for LIRs Training Courses
Next message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Roy Arends roy at nominet.org.uk
Wed Feb 14 23:08:34 CET 2007

Kudo's to TDC Song, C&W and others. Real nice they're validating data.

So what about joe end user. Are there initiatives to offer tsig/sig0/dtls 
between user and isp ? Are there initiatives to deploy code at the OS 
level, similar as to what the NLNetLabs and Sparta folk are building for 
the application level ? Are formentioned providers deploying either of 
these two sets of solutions to their end users ? Or is it all just 
security theater ?

Bring dns validation to where dns requests are initiated and where it is 
consumed; at the end user. That part is still vulnerable to spoofing while 
we're trying to secure the invisible infrastructure. 

Note that with end user validation, and well established methods to update 
the end users' certificate store, we might be well on our way.

See also: http://dnss.ec/blog/?p=10

Sure, signing the root is crucial, and I'm not convinced dlv is a viable 
alternative, but thats all meaningless if layer 6/7 don't get some 
fondling.

Roy

Previous message (by thread): [dns-wg] Announcement DNS for LIRs Training Courses
Next message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]