DNS Hijacking by Cox

• Previous message (by thread): DNS Hijacking by Cox
• Next message (by thread): DNS Hijacking by Cox
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Steve,

On Jul 22, 2007, at 10:06 PM, Steven M. Bellovin wrote:
> I'm assuming fairly universal deployment.
...
> The net,
> though, under my assumptions, is that ISP-supplied user configurations
> will likely have the user's machine trust them, but sophisticated  
> users
> will be able to override that -- and DNSSEC is very much something for
> sophisticated users.

On the authoritative side, what do you see as the financial incentive  
to reach "fairly universal deployment"?

On the caching side, people can run their own validating caching  
servers or they can rely on their ISP.  Why do you think there will  
be a radical shift in the way the vast majority of Internet users get  
DNS services, that is, every grandmother running a validating caching  
server on her grandson-managed PC?  If you don't believe there will  
be such a change, then DNSSEC doesn't help you since the end users  
are trusting the operator of the validating caching server and that  
operator is the one (in the case that triggered this thread) that  
mucked with the data.

Rgds,
-drc

• Previous message (by thread): DNS Hijacking by Cox
• Next message (by thread): DNS Hijacking by Cox
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]