At 03:39 AM 9/10/2003 -0700, [EMAIL PROTECTED] wrote:
There are some other problems w/ using the DNS.
No revolkation process.
DNS caching
third-party trust (DNS admins != delegation holder)
Given high value /or low trust ...
nice paper. note that it claims this paper is being published to
establish IPR claims. there is prior art in several vectors.
you may wish to consider the following (although now expired)
Internet Drafts:
draft-ietf-dnsext-trustupdate-threshold-00
and a similar one authored by Mike
On Sun, Sep 10, 2006 at 08:30:53AM +1000, James A. Donald wrote:
--
Ben Laurie wrote:
Subject:
[dnsop] BIND and OpenSSL's RSA signature forging issue
From:
Ben Laurie [EMAIL PROTECTED]
Date:
Fri, 08 Sep 2006 11:40:44 +0100
To:
DNSEXT WG namedroppers@ops.ietf.org, (DNSSEC
On Fri, Mar 21, 2008 at 08:52:07AM +1000, James A. Donald wrote:
From time to time I hear that DNSSEC is working fine, and on examining
the matter I find it is working fine except that
Seems to me that if DNSSEC is actually working fine, I should be able to
provide an authoritative
On Sat, Mar 22, 2008 at 10:59:18AM +, Ben Laurie wrote:
[EMAIL PROTECTED] wrote:
On Fri, Mar 21, 2008 at 08:52:07AM +1000, James A. Donald wrote:
From time to time I hear that DNSSEC is working fine, and on examining
the matter I find it is working fine except that
Seems to me
On Sat, Mar 22, 2008 at 02:46:40PM +, Ben Laurie wrote:
[EMAIL PROTECTED] wrote:
Er... Allow me the option o fdisbeleiving your assertion.
PTR records can and do point to mutiple names. Some narrow
implementations have assumed that there will only be a single
data
(snicker) from the local firefox
en-us.add-ons.mozilla.com:443 uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
--bill
On Fri, Nov 14, 2008 at 02:29:24PM -0700, Chad Perrin wrote:
On Fri, Nov 14, 2008 at 01:26:29PM +, [EMAIL PROTECTED] wrote:
(snicker) from the local firefox
en-us.add-ons.mozilla.com:443 uses an invalid security certificate.
The certificate is not trusted because the
On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
Ekr has a very good blog posting on what seems like a bad security
decision being made by Verisign on management of the DNS root key.
http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html
In summary,
On Wed, Oct 14, 2009 at 07:22:27PM -0400, Perry E. Metzger wrote:
bmann...@vacation.karoshi.com writes:
On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
Ekr has a very good blog posting on what seems like a bad security
decision being made by Verisign on management of the
On Tue, Oct 20, 2009 at 09:20:04AM -0400, William Allen Simpson wrote:
Nicolas Williams wrote:
Getting DNSSEC deployed with sufficiently large KSKs should be priority #1.
I agree. Let's get something deployed, as that will lead to testing.
If 90 days for the 1024-bit ZSKs is too long,
On Sat, Jul 17, 2010 at 10:41:10AM -0400, Paul Wouters wrote:
On Fri, 16 Jul 2010, Taral wrote:
Neat, but not (yet) useful... only these TLDs have DS records:
The rest will follow soon. And it is not that you had to stop those
TLD trust anchors just now.
actually, soon is a
On Sun, Aug 22, 2010 at 11:51:01AM -0400, Anne Lynn Wheeler wrote:
On 08/22/2010 06:56 AM, Jakob Schlyter wrote:
There are a lot of work going on in this area, including how to use secure
DNS to
associate the key that appears in a TLS server's certificate with the the
intended
domain name
much of the discussion these past few weeks seems to be centered on channel and
container
protection, secure paths, encrypted file systems, etc. much effort has gone
into ensureing
opaque environments for data to flow. and while interesting and perhaps
useful, not a whole lot
of effort
14 matches
Mail list logo