[62212] in North American Network Operators' Group
RE: Verisign brain damage and DNSSec.....Was:Re: What *are* they smoking?
daemon@ATHENA.MIT.EDU (Eric Germann)
Tue Sep 16 18:18:51 2003
Reply-To: <ekgermann@cctec.com>
From: "Eric Germann" <ekgermann@cctec.com>
To: <Valdis.Kletnieks@vt.edu>
Cc: <nanog@merit.edu>
Date: Tue, 16 Sep 2003 18:10:34 -0400
In-Reply-To: <200309161817.h8GIHjYe018978@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format.
------=_NextPart_000_006D_01C37C7D.D2DF1F60
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Re: Verisign brain damage and DNSSec.....Was:Re: What *are* they smoking?And
whats to say they don't get around our methods of blacklisting it by
changing the IP around every zone update?
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
Valdis.Kletnieks@vt.edu
Sent: Tuesday, September 16, 2003 2:18 PM
To: bmanning@karoshi.com
Cc: bownes@web9.com; gmaxwell@martin.fl.us; haesu@towardex.com;
marius@marius.org; nanog@merit.edu
Subject: Re: Verisign brain damage and DNSSec.....Was:Re: What *are* they
smoking?
On Tue, 16 Sep 2003 11:08:11 PDT, bmanning@karoshi.com said:
> > On Tue, 16 Sep 2003 09:59:40 PDT, bmanning@karoshi.com said:
> thats one aspect yes. the valdiation chain should tell
> you who signed the delegations. It won't lie.
> you will know that V'sign put that data there.
How frikking many hacks will we need to BIND9 to work around this
braindamage?
One to stuff back in the NXDomain if the A record points there, another to
do something with make-believe DNSsec from them..... What's next?
------=_NextPart_000_006D_01C37C7D.D2DF1F60
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Re: Verisign brain damage and DNSSec.....Was:Re: What =
*are* they smoking?</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1226" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D510150922-16092003><FONT face=3DArial color=3D#0000ff =
size=3D2>And=20
whats to say they don't get around our methods of blacklisting it by =
changing=20
the IP around every zone update?</FONT></SPAN></DIV>
<DIV><SPAN class=3D510150922-16092003><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px =
solid; MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> =
owner-nanog@merit.edu=20
[mailto:owner-nanog@merit.edu]<B>On Behalf Of=20
</B>Valdis.Kletnieks@vt.edu<BR><B>Sent:</B> Tuesday, September 16, =
2003 2:18=20
PM<BR><B>To:</B> bmanning@karoshi.com<BR><B>Cc:</B> bownes@web9.com;=20
gmaxwell@martin.fl.us; haesu@towardex.com; marius@marius.org;=20
nanog@merit.edu<BR><B>Subject:</B> Re: Verisign brain damage and=20
DNSSec.....Was:Re: What *are* they smoking?<BR><BR></FONT></DIV><!-- =
Converted from text/plain format -->
<P><FONT size=3D2>On Tue, 16 Sep 2003 11:08:11 PDT, =
bmanning@karoshi.com=20
said:</FONT> <BR><FONT size=3D2>> > On Tue, 16 Sep 2003 09:59:40 =
PDT,=20
bmanning@karoshi.com said:</FONT> </P>
<P><FONT size=3D2>> thats one aspect =
yes. the valdiation chain should tell</FONT> <BR><FONT =
size=3D2>>=20
you who signed the delegations. =
It won't=20
lie.</FONT> <BR><FONT size=3D2>> you =
will know=20
that V'sign put that data there.</FONT> </P>
<P><FONT size=3D2>How frikking many hacks will we need to BIND9 to =
work around=20
this braindamage?</FONT> <BR><FONT size=3D2>One to stuff back in the =
NXDomain if=20
the A record points there, another to</FONT> <BR><FONT size=3D2>do =
something=20
with make-believe DNSsec from them..... What's next?</FONT>=20
</P></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_006D_01C37C7D.D2DF1F60--
