[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?

To: Joe Abley <jabley@ca.afilias.info>
Subject: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
From: bert hubert <bert.hubert@netherlabs.nl>
Date: Fri, 25 Jul 2008 21:31:01 +0200
Cc: Jelte Jansen <jelte@NLnetLabs.nl>, DNSEXT WG <namedroppers@ops.ietf.org>
In-reply-to: <E7388E94-D031-4059-91F9-1596A254E21C@ca.afilias.info>
References: <F113C53F-D189-45A0-8DC3-14725395D1BD@virtualized.org> <20080723183227.GA11957@outpost.ds9a.nl> <2FFE6519-7E9C-4DE8-AF69-697A4D875011@nominum.com> <20080723191636.GB32507@outpost.ds9a.nl> <8A91CF57-0CBD-4CF2-BF59-C7D59CB4B7B9@virtualized.org> <20080724060743.GA7420@outpost.ds9a.nl> <48886C4D.4020500@ca.afilias.info> <63C0FFE7-17E6-4ECE-9A12-0537FE2E3F4B@ca.afilias.info> <4888FED2.6060204@NLnetLabs.nl> <E7388E94-D031-4059-91F9-1596A254E21C@ca.afilias.info>
User-agent: Mutt/1.5.9i

On Fri, Jul 25, 2008 at 01:03:05PM -0400, Joe Abley wrote:
> I think that's wrong. I think that once someone is in the position of  
> being able to meddle with the query/response stream, all bets are off  
> and DNSSEC is no cure.

Wow - sure? I may be no friend of DNSSEC but I always assumed DNSSEC would
be 'perfect' in this way.

If this is true, it only strenghtens the case that the hassle of DNSSEC
exceeds its merits by at least an order of magnitude.

	Bert
-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: Joe Abley <jabley@ca.afilias.info>

References:
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: David Conrad <drc@virtualized.org>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: bert hubert <bert.hubert@netherlabs.nl>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: Ted Lemon <Ted.Lemon@nominum.com>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: bert hubert <bert.hubert@netherlabs.nl>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: David Conrad <drc@virtualized.org>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: bert hubert <bert.hubert@netherlabs.nl>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: Brian Dickson <briand@ca.afilias.info>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: Joe Abley <jabley@ca.afilias.info>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: Jelte Jansen <jelte@NLnetLabs.nl>
- Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
  - From: Joe Abley <jabley@ca.afilias.info>

Prev by Date: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
Next by Date: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
Previous by thread: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
Next by thread: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
Index(es):
- Date
- Thread