Proofs… On of the tactics I have observed used by our cops/SS people (they are not gone, just spread all over the world) is that of scaring people and asking that you prove you don’t have a sister, or else.. you are hiding something.
Do you really think we should prove anything to anyone? All we need to make DNSSEC a success is to build more applications/layers that cannot exist without it, such as DANE. DANE is a good candidate, especially in light of the recent many reports on CA PKI failure for SSL. A very well known and understand problem in our community… but why is nobody speaking of it? The CA people will lose that cash cow. The CIA types will lose the MITM abilities that the present situation provides. But this will happen sooner or later. ‘now’ is just as good time as ‘some day’. Just my 0.02. Oh, and I am happy to see BG not mentioned :) Daniel > On Mar 18, 2015, at 6:51 PM, Richard Lamb <[email protected]> wrote: > > Yeah - we need proofs. This is all old news. But I suppose everyone must > air their concerns. I remember all the DEFCON/Moxie talks on this from a few > years ago. I think the key thing here is choice. -Rick > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > Anne-Marie Eklund-Löwinder > Sent: Wednesday, March 18, 2015 9:33 AM > To: Anne-Marie Eklund-Löwinder; Daniel Stirnimann; David Conrad; > <[email protected]> > Subject: Re: [Dnssec-deployment] Clickbait: "Is the DNS' security protocol a > waste of everyone's time and money?" > > What annoys me the most is the spreading of FUD about weak crypto mechanisms > and that the key management are controlled by the government, without backing > up with any facts or proofs. > > Anne-Marie > > -----Ursprungligt meddelande----- > Från: [email protected] > [mailto:[email protected]] För Anne-Marie > Eklund-Löwinder > Skickat: den 18 mars 2015 17:05 > Till: Daniel Stirnimann; David Conrad; > <[email protected]> > Ämne: Re: [Dnssec-deployment] Clickbait: "Is the DNS' security protocol a > waste of everyone's time and money?" > > * PGP Signed: 2015-03-18 at 17:04:39 > > Hi Daniel, > > Thank you. I would suggest to make that very relevant comment to the article > in The Register. That would at least show that the writer aren't completely > aware of all facts. > > Anne-Marie > > > -----Ursprungligt meddelande----- > Från: Daniel Stirnimann [mailto:[email protected]] > Skickat: den 18 mars 2015 17:00 > Till: Anne-Marie Eklund-Löwinder; David Conrad; > <[email protected]> > Ämne: Re: [Dnssec-deployment] Clickbait: "Is the DNS' security protocol a > waste of everyone's time and money?" > >> Old Signed by an unverified key: 2015-03-18 at 16:59:47 > > Hello Anne-Marie > >> Anyway. I have asked for a correction in the article. The 2009 outage >> of .SE had nothing to do with dnssec, but with a missing trailing dot. >> That is fixed now. > > The TLD DNSSEC outage listed for .ch (January 2012) at > http://ianix.com/pub/dnssec-outages.html did not exist either. I had > discussed that with people from DNSViz some time ago, as I was not aware of > any issue during that time. > > I remember a DNS-OARC meeting when this URL popped up during a discussion. > It's kind of a problem if people refer to this URL as a proof for DNSSEC > failures when a lot of them did not happen i.e. were application/network > problems at DNSviz or even DNSSEC unrelated. > > Daniel > > -- > SWITCH > Daniel Stirnimann, SWITCH-CERT > Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 15, > direct +41 44 268 16 24 [email protected], http://www.switch.ch > > * Daniel Stirnimann <[email protected]> > * 0x82C510A4 - Unverified(L) > > * Anne-Marie Eklund-Lowinder <[email protected]> > * 0x42B1CF94
