NNSquad - Network Neutrality Squad


[ NNSquad ] Re: FW: [ga] the future .. DNS National Security and the ICANN clowns


On Mon, Apr 12, 2010 at 03:29:33PM -0700, Lauren Weinstein wrote:
> Comments either way, anyone?

There was just an extensive discussion about this on dns-operations
in February.  I've put a Unix mbox-style archive of it here:

	http://www.firemountain.net/~rsk/curve.mbox

for those who wish to read it.  The most succinct and apropos comment
appears to me to have come from Crist Clark, and it reads in part:

> This argument is going to go nowhere. There is no point in pretending
> that DNSCurve is in any way a substitute or competitor to DNSSEC.
> 
> As the DNSCurve IETF draft says,
> 
>    DNSCurve only provides link-level security between a client-server
>    pair.  It does not attempt to ensure end-to-end security for queries
>    and responses relayed by untrusted DNS proxies and caches.
> 
> Whereas end-to-end security is the purpose of DNSSEC. In DNSSEC, anyone
> can verify the authenticity of a RR from its source. In DNSCurve,
> you know the response was actually from the server you queried, and
> it's just "trust me" for all of the magic behind that recursive
> resolver.

However, there are many other illuminating comments in that discussion
thread, so I urge those interested to read the entire thing.

---Rsk

   [ Without addressing DNSSEC technical issues at this point,
     I can't avoid the increasingly overwhelming sense that
     we're building enormously complex edifices on a foundation
     that was never designed to support such structures, and
     that it is turning to quicksand as a result, putting at 
     risk much of what we've built -- and especially putting
     Internet services and consumers at risk.

     To my way of thinking, this suggests that it's time to
     "radically" rethink the existing paradigms, rather than keep
     piling more and more complicated "stuff" on top of an already
     overburdened and collapsing pile.  And I mean this not only in a
     technical sense, but in both a public interest and political
     sense as well.

     I'll have more to say about this shortly.

        -- Lauren Weinstein
           NNSquad Moderator ]