ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNSSEC is NOT secure end to end

2009-06-01 00:01:25
from [Joe Baptista] [Permanent Link] 
I disagree.  DNSCurve has nothing to do with trust.  It simply ensure the
system you are connected to is in fact the system that gives you the
answer.  DNSCurve addresses the UDP issues without the need for a root or
any other third party enjoying any degree of trust.

Totally different from DNSSEC.

regards
joe baptista

On Sun, May 31, 2009 at 9:38 PM, Mark Andrews <marka(_at_)isc(_dot_)org> wrote:



In message 
<874c02a20905311802r2b9b4544j374bb374eb7a7ee4(_at_)mail(_dot_)gmail(_dot_)com>,
Joe Baptista writes:

DNSSEC indeed violates the end to end principle.  It's simply that

simple.

And it asks us to put our trust in the root a.k.a. ICANN.  I don't think
governments world wide are going to put their trust and faith in ICANN.

 The

U.S. Government is the only government that has been bamboozled into
adopting DNSSEC into .gov infrastructure.

I wonder how President Obama would feel about handing over the keys to

U.S.

Government infrastructure to a U.S. contractor.  I'd have trouble

sleeping

at night if that was the case.

I've addressed this at length in my comments to the NTIA.

http://www.ntia.doc.gov/DNS/comments/comment034.pdf

If the U.S. government wants DNSSEC today then it must nationalize the
roots.  I don't even trust Vixie with the root.  I remember when he

hijacked

the root with Postel.  Or as they put it "we were only running an
experiment".

In any case the new infrastructure campaign demands U.S. government roots

be

set up to exclusively serve U.S. network infrastructure.

regards
joe baptista

p.s. If you want to secure the DNS end to end - think DNSCurve - not

DNSSEC.


http://dnscurve.org/


        DNSCurve has exactly the same trust issues as DNSSEC does.
       You are trusting the parent to give you a secure introduction
       to the child.  The introduction is just encoded differently.

       Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org





-- 
Joe Baptista

www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
 Office: +1 (360) 526-6077 (extension 052)
    Fax: +1 (509) 479-0084

Personal: www.joebaptista.wordpress.com

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Re: DNSSEC is NOT secure end to end, Mark Andrews
Next by Thread:  Re: DNSSEC is NOT secure end to end, Mark Andrews
Indexes:  [Date] [Thread] [Top] [All Lists]