[governance] A Survey of DNS Security

McTim dogwallah at gmail.com
Mon May 1 00:08:51 EDT 2006

morning Robert,

On 5/1/06, Robert Guerra <rguerra at lists.privaterra.org> wrote:
> A reference to this message just appeared on Dave Farber's IP list.

Yes, it has caused a bit of a splash, which is too bad, since it is
mostly handwaving.

> Thought that it would of interest to share with this list given that
> cybersecurity is being raised as a key issue for the IGF.

To paraphrase what seems to be the consensus on the DNS-OPS mailing list:

Yes, we know.  Prof. Sirer's work points out some of the far-gone consequences
 of not paying attention. We are, however pretty convinced that:

 1. The mentioned examples are extremes. Most of the namespace is
   in considerably better order.
 2. DNS has historically been a neglected part of the quality
   control most web site operators perform. It simply is so redundant
   and ubiquitous that it not is seen as a critical part.
 3. The ultimate fix for this is DNSSEC. (and BCP 38

My personal opinion is that these boys from Cornell are trying scare
tactics to push their own "solution" (CoDoNS see url below) which in
reality is more vulnerable than vanilla DNS.


It's marketing, not science.  (The conclusions don't follow from observations).

We may in fact need to replace the current DNS at some point with
something entirely new, but:

a) not now
b) not this


$ whois -h whois.afrinic.net mctim

governance mailing list
governance at lists.cpsr.org

More information about the Governance mailing list