actually, it was the right questions... and the answers all distill 
down to your reply.  "security" and trust are in the eyes/validator
of the beholder.  Sam Weiler borrowed the term "local policy" - which
trumps any middleman.  Steve B. suggests VPNs (or their functional 
equivalent) between the authoritative or trusted source and the end-system
validator - where in this context, the validator/resolver is w/in a couple
usec of the application; e.g. in the same box.  
you can do it yourself or you can outsource it to someone else.  end of the
day, it's the end-system operator's choice. the tools for crisply defining 
the constraints of local policy are still very crude/fuzzy/undefined.
--bill
On Fri, Sep 24, 2010 at 10:16:05PM -0400, Phillip Hallam-Baker wrote:
That is not the right question.
The question should be, who chooses for me?
My answer to the question does not have to be the same as other people's.
Some people will want the full ICANN registry with every scammy malware site
and every DNS name registered five minutes ago. Others will prefer to have
only the ones proven safe.
If I was running a power station in the US, I would probably be quite happy
with a very short list indeed.
Gen Alexander is proposing a separate network for critical infrastructure. I
think that an edited DNS could play a very important role.
On Fri, Sep 24, 2010 at 9:10 PM, bill manning <bmanning(_at_)isi(_dot_)edu> 
wrote:
On 24September2010Friday, at 17:16, John Levine wrote:
Plan A: few consumers will use DNSSEC between their PCs and the ISP's
resolver, so they won't notice.
Plan B: consumers will observe that malicious impersonation of far away
DNS servers is rare and exotic, but malware spam arrives hourly, so they
will make a rational tradeoff, take their ISP's advice, and turn off
DNSSEC.
Something else occurs to me:
Plan C: Sophisticated ISPs might configure their own DNSSEC key into
customer resolvers, and sign replacement records with that.
The threat model for DNSSEC has always been, approximately, that the
authoritative server at the far end is friendly, and the middleboxes
are hostile.  But we have real situations where the opposite is true,
quite possibly more often than the other way around.
presuming your statement about an inversion of the stated trust model is
correct,
can we dereference "friendly" and "hostile" to whom?  Who makes that
assessment
and who/what defines the tools to implement a trust policy?
--bill
If we want people deploying DNSSEC widely, we need to make sure it
handles the actual threats they face.
R's,
John
PS: If I plug my random Windows PC or Mac into a cable modem, and I tell
it to use DNSSEC, where does it get the top level validation keys?
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
-- 
Website: http://hallambaker.com/