[119693] in North American Network Operators' Group

Re: What DNS Is Not

daemon@ATHENA.MIT.EDU (David Conrad)
Thu Nov 26 10:43:21 2009

From: David Conrad <drc@virtualized.org>
In-Reply-To: <g3hbshdioe.fsf@nsa.vix.com>
Date: Thu, 26 Nov 2009 07:42:15 -0800
To: Paul Vixie <vixie@isc.org>
Cc: nanog@merit.edu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Nov 25, 2009, at 8:16 PM, Paul Vixie wrote:
> we have to fix DNS so that provider-in-the-middle attacks no longer work.
> (this is why in spite of its technical excellence i am not a DNSCURVE fan,
> and also why in spite of its technical suckitude i'm working on DNSSEC.)

As you know, as long as people rely on their ISPs for resolution services, DNSSEC isn't going to help.  Where things get really offensive is when the ISPs _require_ customers (through port 53 blocking, T-Mobile Hotspot, I'm looking at you) to use the ISP's resolution services.

Regards,
-drc


