Re: DNS Hijacking by Cox

North American Network Operators Group

Re: DNS Hijacking by Cox

From: David Conrad
Date: Mon Jul 23 10:18:53 2007

Steve,

On Jul 22, 2007, at 10:06 PM, Steven M. Bellovin wrote:

I'm assuming fairly universal deployment.

...

The net, though, under my assumptions, is that ISP-supplied user configurations will likely have the user's machine trust them, but sophisticated users will be able to override that -- and DNSSEC is very much something for sophisticated users.

On the authoritative side, what do you see as the financial incentive to reach "fairly universal deployment"?

On the caching side, people can run their own validating caching servers or they can rely on their ISP. Why do you think there will be a radical shift in the way the vast majority of Internet users get DNS services, that is, every grandmother running a validating caching server on her grandson-managed PC? If you don't believe there will be such a change, then DNSSEC doesn't help you since the end users are trusting the operator of the validating caching server and that operator is the one (in the case that triggered this thread) that mucked with the data.

Rgds,
-drc

References:
- DNS Hijacking by Cox Andrew Matthews
- Re: DNS Hijacking by Cox Steven M. Bellovin
- Re: DNS Hijacking by Cox Patrick W. Gilmore
- Re: DNS Hijacking by Cox Steven M. Bellovin
- Re: DNS Hijacking by Cox Steven M. Bellovin

Prev by Date: Re: DNS Hijacking by Cox
Next by Date: Re: DNS Hijacking by Cox
Date Index
Thread Index
Author Index
Historical