At 02:14 AM 7/7/2003 -0400, Walter Dnes wrote:
On Fri, Jul 04, 2003 at 11:08:35AM -0400, Yakov Shafranovich wrote
> We need to determine for the future consideration of all DNS based
> proposal the state of DNSSEC and its planned deployment.
I strongly disagree with your conclusion. If DNS gets compromised
that badly, the entire internet will collapse in a pile of rubble...
- how is an MTA going to figure out the IP address from an MX record
if DNS is kaput ?
- how will people surf to www.bad.example.com if their OS can't get a
reliable IP address ?
- ftp, IRC, chat, messaging, etc. *EVERYTHING* goes down the tubes.
- How many megabytes of hosts file can your OS take before it begins
crawling each time you try a web lookup ?
If we assume that there will be an internet tomorrow, requiring our
solutions for email problems, we must also assume that DNS will be
operational tomorrow.
Thank you Walter. Point taken - numerous others have also pointed out that
status of DNS-SEC is irrelevant for us for other reasons. I have learned
the error of my ways :)
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg