On Wed, 21 Jul 2010, Bill Bogstad wrote:

> Things change and other things stop working. Most people won't pay
> for "perfect solutions", they just want things to work NOW. That's
> life...

They may work, but they are "hacks" and not something that should be implemented if there's not a better solution. So, I'd say that DNSSEC has some strikes against it, regardless of its "working now". I don't have access to the data that you or Dean cite, so I can't even begin to say who is right. But I can say that DNS is a pretty critical part of the Internet infrastructure and ought to be treated as such.

But again, I feel as though we are going off the original thread. This time, even further than my change of title suggests. It would be interesting discussing this with those interested over a beer some time, but I don't want to subject the rest of the list subscribers to that which they can't scrutinize and make decisions about.

As it stands now, I don't use DNSSEC nor DNSCurve. I've known, and tried to publicize, the woefully inadequate security of the DNS infrastructure to those who were in power for many years. Before Kaminsky, by years. I even had managed to insert a new TLD in one of the root servers many years ago, just as an example of how badly flawed the architecture is. Vixie was abusive. Others ignored me. Being ignored, some of my data was either recovered or replicated by others such as Kaminsky.

All I can say is: this new .xxx domain is going to cause DNS chaos like we've never seen before, due to the DoS'ing of DNS servers.

But I've talked too long after saying we should snip it short. Reply to me in private or CC to others who have shown interest in the topic.

-Bob
