Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS cache poisoning attacks -- are they real?

  • From: Edward Lewis
  • Date: Mon Mar 28 09:34:50 2005

At 20:15 -0500 3/26/05, Sean Donelan wrote:

effort.  Why has SSH been so successful, and DNSSEC stumbled so badly?
Short answer to that question alone. (Believe me, I've considered it too.)

SSH is an example of innovation that requires only the end points to cooperate - e.g., like TCP doing congestion control at the edges. In particular, the key exchange in SSH is simplistic...

DNSSEC is a change to the operations at the mythical core of the Internet. DNSSEC won't work until third parties are involved, i.e., the parents (et.al.) of the server are involved, not just the server and client. In particular, the key exchange in DNSSEC has been the sore spot.


Mythical core: in this case, the administration of the root zone, the TLDs, etc., not the routing/transit/peering core.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar

Achieving total enlightenment has taught me that ignorance is bliss.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.