North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: US government mandates? use of DNSSEC by federal agencies
Michael, On Aug 27, 2008, at 5:15 PM, Michael Thomas wrote: Sure, but my point is that if DNSsec all of a sudden has some relevance Yep. As in, .gov could quite possibly setting themselves up for self-inflicted denial of service given buginess in the signers, the verifiers or both. Given how long the signers and verifiers have been around, I suspect a more likely failure mode is folks running caching servers forgetting to update trust anchors and/or signers forgetting to resign before the validity period expires. However, bugs do happen... Given how integral DNS is to everything, it seems a little scary to just I agree and I know for certain this has been suggested in the past for at least one of the validating caching servers. However, I gather this hasn't been implemented.... Regards, -drc
|