Re: [DNSOP] Practical issues deploying DNSSEC into the home.

ietf

Re: [DNSOP] Practical issues deploying DNSSEC into the home.

2013-09-13 03:28:43

Ted,

What I like about this message is that you have demonstrated the
*potential* severability of these issues.  Things are set up as they are
for a matter of scaling.  Clearly it ain't perfect, and as one of my
mentors would say, that represents an opportunity.  It's also pretty
clear that we should be reviewing this stuff in consultation with
ICANN's SSAC committee.

Eliot

On 9/12/13 7:21 PM, Theodore Ts'o wrote:

Fair enough, but if the goal is to prevent pervasive surveillance,
simply using a key exchange which provides perfect forward secrecy
will do that, even given the pathetic state of https security given
the realities of the web and the CA's out there.

Still, I agree with the general precept that perfect should not enemy
of the better, and DNSSEC certainly adds value.  I just get worried
about people who seem to think that DNSSEC is a panacea.

                                             - Ted

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [DNSOP] Practical issues deploying DNSSEC into the home., (continued) Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon Re: [DNSOP] Practical issues deploying DNSSEC into the home., Masataka Ohta Re: [DNSOP] Practical issues deploying DNSSEC into the home., Nicholas Weaver Re: [DNSOP] Practical issues deploying DNSSEC into the home., Paul Wouters Re: [DNSOP] Practical issues deploying DNSSEC into the home., Theodore Ts'o Re: [DNSOP] Practical issues deploying DNSSEC into the home., Paul Wouters Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon Re: [DNSOP] Practical issues deploying DNSSEC into the home., Theodore Ts'o Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon Re: [DNSOP] Practical issues deploying DNSSEC into the home., Phillip Hallam-Baker Re: [DNSOP] Practical issues deploying DNSSEC into the home., Eliot Lear <= Re: [DNSOP] Practical issues deploying DNSSEC into the home., Dickson, Brian Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon Re: [DNSOP] Practical issues deploying DNSSEC into the home., Phillip Hallam-Baker Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon Re: [DNSOP] Practical issues deploying DNSSEC into the home., Dickson, Brian Re: [DNSOP] Practical issues deploying DNSSEC into the home., Ted Lemon Re: [DNSOP] Practical issues deploying DNSSEC into the home., Masataka Ohta Re: [DNSOP] Practical issues deploying DNSSEC into the home., Nicholas Weaver Re: [DNSOP] Practical issues deploying DNSSEC into the home., Masataka Ohta Re: [DNSOP] Practical issues deploying DNSSEC into the home., Arturo Servin

Previous by Date:	Re: Last call: draft-montemurro-gsma-imei-urn-16.txt, Gonzalo Camarillo
Next by Date:	Re: Last Call: <draft-ietf-sidr-bgpsec-threats-06.txt> (Threat Model for BGP Path Security) to Informational RFC, SM
Previous by Thread:	Re: [DNSOP] Practical issues deploying DNSSEC into the home., Phillip Hallam-Baker
Next by Thread:	Re: [DNSOP] Practical issues deploying DNSSEC into the home., Dickson, Brian
Indexes:	[Date] [Thread] [Top] [All Lists]