Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] decentralized DNS... What's the state of DNSSEC implementation by those on this list.. ?

Seth David Schoen schoen at eff.org
Thu Mar 15 07:37:28 PDT 2012


James Losey writes:

> If the registry is wrong on a global level I can see where DNSSEC might not
> be sufficient. However, if a man-in-the-middle attack attempts to spook an
> attack to users in one region isn't this a case where DNSSEC would be
> effective, and result in an error
> code<http://www.iana.org/assignments/dns-parameters>?
> My understanding is that implementation of DNSSEC limits the ability for
> lazy censorship such as filtering queries (unless they simply gave a
> false "Non-Existent
> Domain" return code) or redirecting queries to other websites, both of
> which would be goals of interest to members of this list.

I might have misunderstood what the original poster was referring to,
in which case I apologize for making a misleading claim about what this
thread was about.  I thought the original poster was referring to
domain name seizures, not spoofed replies to DNS queries.  I agree
that DNSSEC is useful for detecting spoofed replies to queries.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107



More information about the liberationtech mailing list