[ NNSquad ] DNS + DANE = Dumb, Dumber, Disaster (How to wreck secure communications)

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] DNS + DANE = Dumb, Dumber, Disaster (How to wreck secure communications)

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] DNS + DANE = Dumb, Dumber, Disaster (How to wreck secure communications)
From: Lauren Weinstein <lauren@vortex.com>
Date: Sat, 25 Jun 2011 10:34:27 -0700

DNS + DANE = Dumb, Dumber, Disaster (How to wreck secure communications)
http://j.mp/kMtruP  (This message on Google Buzz)

 - - -

In response to my posting earlier today regarding the limitations of
DNSSEC, several people asked for my thoughts on a proposed extension
to DNS called "DANE" (that effectively has DNSSEC as a prerequisite).

The idea of DANE is to use a "secure" DNSSEC environment to exchange the
digital certificates required for secure host-to-host communications
(that enable what is commonly called "SSL/TLS/https:" data transfers).

Oh yeah, DANE is just a, uh, "dandy" idea - IF your goals are the following:

1) Make virtually all common Internet secure communications dependent
   on the structurally obsolete DNS/DNSSEC model, thereby further
   entrenching the domain-industrial complex and the enrichment of its
   minions, by giving even *more* power to ICANN, registrars, and
   registries, etc.

2) Assure that the world's secure communications infrastructure (PKI)
   is easily and directly vulnerable to the same sorts of government
   overreaching and abuses that have characterized U.S. takedowns of
   domains around the world, including vast numbers of innocent
   domains, usually without significant due process, consultation, or
   adherence to the rights of either domestic or international domain
   owners.

So yes, if you enjoy watching the shenanigans of the current "DNS Mafia" 
and government malfeasance directed at the Domain Name System both 
domestically and internationally, and you want to see them have even 
*more* money and power, you're gonna just *love* DANE.

Sign up now.  Don't forget the cyanide-laced Kool-Aid for later.

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein 
Google Buzz: http://j.mp/laurenbuzz 
Tel: +1 (818) 225-2800 / Skype: vortex.com

Prev by Date: [ NNSquad ] In Oz, Telstra wavers on censorship filter, fearing reprisals
Next by Date: [ NNSquad ] Link correction for "DNS + DANE" ... "How to Wreck Secure Internet Communications"
Previous by thread: [ NNSquad ] In Oz, Telstra wavers on censorship filter, fearing reprisals
Next by thread: [ NNSquad ] Link correction for "DNS + DANE" ... "How to Wreck Secure Internet Communications"
Index(es):
- Date
- Thread