RE: hat tip to .gov hostmasters

2008-09-22 Thread marcus.sachs
DNSSEC is not a PKI. There are no CAs and no X.509 certificates. It's a chain of trust that can be validated using public/private key pairs. OK, that's an oversimplification but you get the idea. While we wait for applications to become DNSSEC-aware, if your local DNS server can be trusted (a

New Intercage upstream

2008-09-12 Thread marcus.sachs
Looks like they found a new willing partner. AS32335 PACIFICINTERNETEXCHANGE-NET - Pacific Internet Exchange LLC. http://cidr-report.org/cgi-bin/as-report?as=AS27595 http://www.pacificinternetexchange.net/ Marc

Re: Revealed: The Internet's Biggest Security Hole

2008-08-27 Thread marcus.sachs
Nothing will change. You think DNSSEC is hard? Try getting support for the deployment of S-BGP or soBGP. Without a trust anchor and lots of community support it will remain largely an academic interest area. Marc --Original Message-- From: Gadi Evron To: Frank Cc: NANOG list Sent:

Re: Revealed: The Internet's Biggest Security Hole

2008-08-27 Thread marcus.sachs
Yes, wonderful preso! My biggest take-away was the fact that the vast majority of the attendees did not understand the gravity of the demo. The same thing could be said about Dan's talk. It was over the heads of most attendees. Marc --Original Message-- From: Gadi Evron To: Sachs,

Re: Revealed: The Internet's Biggest Security Hole

2008-08-27 Thread marcus.sachs
I'll have to admit that the TTL manipulation was something I had not thought about. But why not? If you are going to purloin EVERY packet then why not re-write byte 8 in every IP header to a value of your choosing? Very cool. Marc --Original Message-- From: Jason Ross To: Sachs,

RE: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

2008-07-24 Thread marcus.sachs
Here's some older ones: http://pdp-10.trailing-edge.com/cgi-bin/searchbyname?name=hosts.txt Prior to departing SRI last year I spent a bunch of time trying to find some of the old SRI-NIC records. It appears that they were all cleaned out once the contract was closed and the Internet was