[62208] in North American Network Operators' Group
Re: Verisign brain damage and DNSSec.....Was:Re: What *are*
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Sep 16 17:55:39 2003
Date: Tue, 16 Sep 2003 14:17:45 -0400
From: Valdis.Kletnieks@vt.edu
To: bmanning@karoshi.com
Cc: bownes@web9.com, gmaxwell@martin.fl.us, haesu@towardex.com,
marius@marius.org, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format.
------_=_NextPart_001_01C37C99.BA10A780
Content-Type: text/plain;
charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
On Tue, 16 Sep 2003 11:08:11 PDT, bmanning@karoshi.com said:
> > On Tue, 16 Sep 2003 09:59:40 PDT, bmanning@karoshi.com said:
> thats one aspect yes. the valdiation chain should tell
> you who signed the delegations. It won't lie.
> you will know that V'sign put that data there.
How frikking many hacks will we need to BIND9 to work around this =
braindamage?
One to stuff back in the NXDomain if the A record points there, another =
to
do something with make-believe DNSsec from them..... What's next?
------_=_NextPart_001_01C37C99.BA10A780
Content-Type: text/html;
charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.0.6396.0">
<TITLE>Re: Verisign brain damage and DNSSec.....Was:Re: What *are* they =
smoking?</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=3D2>On Tue, 16 Sep 2003 11:08:11 PDT, bmanning@karoshi.com =
said:</FONT>
<BR><FONT SIZE=3D2>> > On Tue, 16 Sep 2003 09:59:40 PDT, =
bmanning@karoshi.com said:</FONT>
</P>
<P><FONT SIZE=3D2>> thats one aspect =
yes. the valdiation chain should tell</FONT>
<BR><FONT SIZE=3D2>> you who signed =
the delegations. It won't lie.</FONT>
<BR><FONT SIZE=3D2>> you will know =
that V'sign put that data there.</FONT>
</P>
<P><FONT SIZE=3D2>How frikking many hacks will we need to BIND9 to work =
around this braindamage?</FONT>
<BR><FONT SIZE=3D2>One to stuff back in the NXDomain if the A record =
points there, another to</FONT>
<BR><FONT SIZE=3D2>do something with make-believe DNSsec from them..... =
What's next?</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C37C99.BA10A780--
