This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] What about the last mile, was: getting DNSSEC deployed

Previous message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed
Next message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Conrad david.conrad at icann.org
Fri Feb 16 18:19:57 CET 2007

On Feb 16, 2007, at 9:00 AM, Lutz Donnerhacke wrote:
> * David Conrad wrote:
>> Running a caching resolver daemon should not require any end-user
>> configuration.
> Keymanagment is not free in the first step.

Right.  You have to run software update and click OK when new trust  
anchors need to be installed.

End-users don't run caching servers for historical reasons having to  
do with CPU cycles and available RAM (and perhaps poor choices  
regarding configuration files in particular DNS software  
implementations).  Those reasons don't apply anymore.

Trusting the infrastructure between you and your ISP is merely  
creating a new target for attack.  Or perhaps highlighting an  
existing target for attack.  It also means you trust your ISP.  As  
more and more ISPs see "sitefinder"-like functionality as a way of  
making more money faster, that trust is less and less tenable.

Rgds,
-drc

Previous message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed
Next message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]