What DNS Is Not
drc at virtualized.org
Thu Nov 26 15:42:15 UTC 2009
On Nov 25, 2009, at 8:16 PM, Paul Vixie wrote:
> we have to fix DNS so that provider-in-the-middle attacks no longer work.
> (this is why in spite of its technical excellence i am not a DNSCURVE fan,
> and also why in spite of its technical suckitude i'm working on DNSSEC.)
As you know, as long as people rely on their ISPs for resolution services, DNSSEC isn't going to help. Where things get really offensive if when the ISPs _require_ customers (through port 53 blocking, T-Mobile Hotspot, I'm looking at you) to use the ISP's resolution services.
More information about the NANOG