North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Multiple DNS implementations vulnerable to cache poisoning

  • From: Joe Abley
  • Date: Wed Jul 09 12:32:26 2008

On 9 Jul 2008, at 12:05, Christopher Morrow wrote:

On Wed, Jul 9, 2008 at 11:41 AM, Steven M. Bellovin <[email protected] > wrote:

The ISC web page on the attack notes "DNSSEC is the only definitive
solution for this issue. Understanding that immediate DNSSEC deployment
is not a realistic expectation..." I wonder what NANOG folk can do
about the second part of that quote... 

get the root zone signed, get com/net/org/ccTLD's signed.. oh wait,
that's not nanog... doh!

The timeline for signing ORG was presented by PIR at the recent ICANN meeting in Paris.

http://par.icann.org/files/paris/RaadDNSSEC.pdf

The estimated timeline expressed that slide would have a signed ORG zone containing some DS records by the beginning of next year, with full mainstream availability (such that any registrant could use a DNSSEC-capable registrar to request a secure delegation) in 2010.


Joe