how to protect name servers against cache corruption

Paul has made it clear that there are holes in the DNS protocols that
cannot be fixed without DNSSEC. He isn't papering anything over -- he
is merely describing reality. If you want to be sarcastic to him for
doing his best and being honest in public, well, that's fine, but
frankly I think you are doing the community a serious disservice by
attacking Paul.

.pm

"Thomas H. Ptacek" writes:

so a statement from paul that the internet is effectively broken until
DNSSEC is acceptable to you even if there are known ways to combat known
attacks?

stop worshipping long enough to think about the ramifications of this.

ben

Ben,

so a statement from paul that the internet is effectively broken until
DNSSEC is acceptable to you even if there are known ways to combat known
attacks?

stop worshipping long enough to think about the ramifications of this.

  Responsible participation in public discussion is a difficult challenge for
even the most capable contributor. For others, the challenge is quite
basic. They must listen carefully. They must consider carefully. They
must stay on the topic. They must use professional language and avoid ad
hominem distractions.

  The fact that the security on your house is not optimal does not mean
that your house has no security. The fact that there are attacks which are
still feasible on the DNS does not mean that the DNS doesn't work.
("Broken" means doesn't work, in case there is confusion about your use of
language.)

  So please note that your response to this thread reduces it to an
inaccurate assessment. Given the importance of the DNS and the difficulty
which the general public has dealing with network security issues, it would
be highly irresponsible to propagate inaccurate statements like the one above.

d/