DNS Hijacking by Cox
David Conrad
drc at virtualized.org
Mon Jul 23 14:16:14 UTC 2007
Steve,
On Jul 22, 2007, at 10:06 PM, Steven M. Bellovin wrote:
> I'm assuming fairly universal deployment.
...
> The net,
> though, under my assumptions, is that ISP-supplied user configurations
> will likely have the user's machine trust them, but sophisticated
> users
> will be able to override that -- and DNSSEC is very much something for
> sophisticated users.
On the authoritative side, what do you see as the financial incentive
to reach "fairly universal deployment"?
On the caching side, people can run their own validating caching
servers or they can rely on their ISP. Why do you think there will
be a radical shift in the way the vast majority of Internet users get
DNS services, that is, every grandmother running a validating caching
server on her grandson-managed PC? If you don't believe there will
be such a change, then DNSSEC doesn't help you since the end users
are trusting the operator of the validating caching server and that
operator is the one (in the case that triggered this thread) that
mucked with the data.
Rgds,
-drc
More information about the NANOG
mailing list