Yeah - we need proofs. This is all old news. But I suppose everyone must air their concerns. I remember all the DEFCON/Moxie talks on this from a few years ago. I think the key thing here is choice. -Rick
-----Original Message----- From: dnssec-deployment-boun...@dnssec-deployment.org [mailto:dnssec-deployment-boun...@dnssec-deployment.org] On Behalf Of Anne-Marie Eklund-Löwinder Sent: Wednesday, March 18, 2015 9:33 AM To: Anne-Marie Eklund-Löwinder; Daniel Stirnimann; David Conrad; <dnssec-deployment@dnssec-deployment.org> Subject: Re: [Dnssec-deployment] Clickbait: "Is the DNS' security protocol a waste of everyone's time and money?" What annoys me the most is the spreading of FUD about weak crypto mechanisms and that the key management are controlled by the government, without backing up with any facts or proofs. Anne-Marie -----Ursprungligt meddelande----- Från: dnssec-deployment-boun...@dnssec-deployment.org [mailto:dnssec-deployment-boun...@dnssec-deployment.org] För Anne-Marie Eklund-Löwinder Skickat: den 18 mars 2015 17:05 Till: Daniel Stirnimann; David Conrad; <dnssec-deployment@dnssec-deployment.org> Ämne: Re: [Dnssec-deployment] Clickbait: "Is the DNS' security protocol a waste of everyone's time and money?" * PGP Signed: 2015-03-18 at 17:04:39 Hi Daniel, Thank you. I would suggest to make that very relevant comment to the article in The Register. That would at least show that the writer aren't completely aware of all facts. Anne-Marie -----Ursprungligt meddelande----- Från: Daniel Stirnimann [mailto:daniel.stirnim...@switch.ch] Skickat: den 18 mars 2015 17:00 Till: Anne-Marie Eklund-Löwinder; David Conrad; <dnssec-deployment@dnssec-deployment.org> Ämne: Re: [Dnssec-deployment] Clickbait: "Is the DNS' security protocol a waste of everyone's time and money?" > Old Signed by an unverified key: 2015-03-18 at 16:59:47 Hello Anne-Marie > Anyway. I have asked for a correction in the article. The 2009 outage > of .SE had nothing to do with dnssec, but with a missing trailing dot. > That is fixed now. The TLD DNSSEC outage listed for .ch (January 2012) at http://ianix.com/pub/dnssec-outages.html did not exist either. I had discussed that with people from DNSViz some time ago, as I was not aware of any issue during that time. I remember a DNS-OARC meeting when this URL popped up during a discussion. It's kind of a problem if people refer to this URL as a proof for DNSSEC failures when a lot of them did not happen i.e. were application/network problems at DNSviz or even DNSSEC unrelated. Daniel -- SWITCH Daniel Stirnimann, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 15, direct +41 44 268 16 24 daniel.stirnim...@switch.ch, http://www.switch.ch * Daniel Stirnimann <daniel.stirnim...@switch.ch> * 0x82C510A4 - Unverified(L) * Anne-Marie Eklund-Lowinder <anne-marie.eklund-lowin...@iis.se> * 0x42B1CF94
smime.p7s
Description: S/MIME cryptographic signature
