[105932] in North American Network Operators' Group
Re: Multiple DNS implementations vulnerable to cache poisoning
daemon@ATHENA.MIT.EDU (Joao Damas)
Thu Jul 10 06:17:28 2008
From: Joao Damas <Joao_Damas@isc.org>
To: nanog@merit.edu
In-Reply-To: <48754701.9000409@psg.com>
Date: Thu, 10 Jul 2008 12:17:08 +0200
Errors-To: nanog-bounces@nanog.org
I would love to get input on that be it in Dublin or elsewhere, both
sides: the authoritative server and the recursive validator. We have
ideas and want to do this but I will not claim to be the owner of THE
TRUTH, so input is much desired.
Joao
PS: I would also want a copy of, or a secure method to access, the
public part of the keys you use to sign those ccTLDs so I can place
them in ISC's DLV registry
On 10 Jul 2008, at 01:17, Randy Bush wrote:
> David Conrad wrote:
>>>> There are 4 ccTLDs (se, bg, pr, br) that are signed.
>>> wanna crawl in a corner in dublin and i can sign a few?
>> Love to. We can also put your trust anchors in the prototype ITAR
>> (see
>> the first part of
>> https://par.icann.org/files/paris/IANAReportKim_24Jun08.pdf).
>
> aside from just getting some cctlds signed, i will be interested in
> the
> tools, usability, work flow, ... i.e. what is it like for a poor
> innocent cctld which wants to sign their zone?
>
> randy
