Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?
jared at puck.nether.net
Fri Jul 25 13:03:10 UTC 2008
On Thu, Jul 24, 2008 at 08:37:55PM -0400, Valdis.Kletnieks at vt.edu wrote:
> On Thu, 24 Jul 2008 17:31:01 EDT, "Jay R. Ashworth" said:
> > But it seems to me that Paul, you are here espousing the opinion that
> > there's no business value in people being able to trust that the domain
> > name they heard on a TV ad and typed into a browser (let's ignore phishing
> > for the moment) actually takes them to E-Trade, and not RBN.
> The problem is that the business value, in general, accrues to the wrong
> It's useful and valuable for the *end user* and for *E-Trade* to be able to be
> sure they didn't go to RBN. The problem is that Joe Sixpack points his
> resolver stub at "Bubba's Bait, Tackle, and Internet Emporium ISP", and it's
> Bubba that has to fix stuff.
> And Bubba doesn't have a clear way to make money off the fixing - there's no
> way Bubba can explain to Joe that Bubba is more secure than the *other* bait,
> tackle, and DSL reseller in town, because Joe can't understand the problem....
> It doesn't help that apparently there's some multi-billion-dollar Bubbas out there.
I would argue most of the responsible providers took actions to
prepare for such a leak two weeks ago. Some places have longer test cycles,
so those fixes may be somewhere in the deployment queue. Change managment
policies can be a problem if you're a large telco, and I'm sympathetic.
Regarding Bubba, he won't likely move until there is a real problem,
this makes it on CNN, and even then, he may not understand what is going
on. That win2k server in the corner never got updated. But when he realizes
his business is at risk due to the buggy software, our pal Bubba will
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the NANOG