[governance] A Survey of DNS Security
dogwallah at gmail.com
Mon May 1 00:08:51 EDT 2006
On 5/1/06, Robert Guerra <rguerra at lists.privaterra.org> wrote:
> A reference to this message just appeared on Dave Farber's IP list.
Yes, it has caused a bit of a splash, which is too bad, since it is
> Thought that it would of interest to share with this list given that
> cybersecurity is being raised as a key issue for the IGF.
To paraphrase what seems to be the consensus on the DNS-OPS mailing list:
Yes, we know. Prof. Sirer's work points out some of the far-gone consequences
of not paying attention. We are, however pretty convinced that:
1. The mentioned examples are extremes. Most of the namespace is
in considerably better order.
2. DNS has historically been a neglected part of the quality
control most web site operators perform. It simply is so redundant
and ubiquitous that it not is seen as a critical part.
3. The ultimate fix for this is DNSSEC. (and BCP 38
My personal opinion is that these boys from Cornell are trying scare
tactics to push their own "solution" (CoDoNS see url below) which in
reality is more vulnerable than vanilla DNS.
It's marketing, not science. (The conclusions don't follow from observations).
We may in fact need to replace the current DNS at some point with
something entirely new, but:
a) not now
b) not this
$ whois -h whois.afrinic.net mctim
governance mailing list
governance at lists.cpsr.org
More information about the Governance