ietf

Re: End to End Secure Protocols are bogus.

2009-06-14 10:52:17
Moin!

On 14.06.2009, at 10:35, Florian Weimer wrote:
> > In DNS, the vast majority of DNS resolvers are maintained by hosting
> > providers. Thus no true end-to-end service is possible.
>
> Wrong.  The majority of resolvers are maintained by Microsoft.
> Microsoft could ship the KSK for the root to customer machines in a
> security update.  As it happens, in this case, the KSK wouldn't even
> be the penultimate key, showing that the debate over who holds the KSK
> is quite pointless.  Now that we've got automatic software updates, we
> don't even need a signed root.

Can you elaborate on that? Last time I checked, most of the Windows OSes I
know got their resolver IP from the DHCP server, which is either the ISP's
resolver or the address of the broadband gateway, which DNS proxies to
the ISP's resolver. I know how non-recursive validating stub resolvers
should work, I just haven't seen them deployed widely. Even business
customers, which are the majority of customers we have, tend to use our
(the ISP's) resolvers directly. That might also be the reason why
governments love to use them to block content ;-).

So long
-Ralf
---
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH
Herriotstrasse 4
60528 Frankfurt
Germany
DDI: +49 (0)69 56606 2780 Internal OneDial: 8 491 2780
Fax: +49 (0)69 56606 6280
Email: rw(_at_)colt(_dot_)net
http://www.colt.net/
Data | Voice | Managed Services

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf