[governance] A Survey of DNS Security
McTim
dogwallah at gmail.com
Mon May 1 00:08:51 EDT 2006
morning Robert,
On 5/1/06, Robert Guerra <rguerra at lists.privaterra.org> wrote:
> A reference to this message just appeared on Dave Farber's IP list.
Yes, it has caused a bit of a splash, which is too bad, since it is
mostly handwaving.
> Thought that it would of interest to share with this list given that
> cybersecurity is being raised as a key issue for the IGF.
To paraphrase what seems to be the consensus on the DNS-OPS mailing list:
Yes, we know. Prof. Sirer's work points out some of the far-gone consequences
of not paying attention. We are, however pretty convinced that:
1. The mentioned examples are extremes. Most of the namespace is
in considerably better order.
2. DNS has historically been a neglected part of the quality
control most web site operators perform. It simply is so redundant
and ubiquitous that it not is seen as a critical part.
3. The ultimate fix for this is DNSSEC. (and BCP 38
My personal opinion is that these boys from Cornell are trying scare
tactics to push their own "solution" (CoDoNS see url below) which in
reality is more vulnerable than vanilla DNS.
http://www.cs.cornell.edu/people/egs/beehive/codons.php
It's marketing, not science. (The conclusions don't follow from observations).
We may in fact need to replace the current DNS at some point with
something entirely new, but:
a) not now
b) not this
--
Cheers,
McTim
$ whois -h whois.afrinic.net mctim
_______________________________________________
governance mailing list
governance at lists.cpsr.org
https://ssl.cpsr.org/mailman/listinfo/governance
More information about the Governance
mailing list