Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] decentralized DNS... What's the state of DNSSEC implementation by those on this list.. ?

James Losey jameswlosey at
Thu Mar 15 07:42:21 PDT 2012


I may have missed the original post, and was going off the thread.
Addressing domain seizures is important, but could one way
around seizures be to mirror a website on TLDs in different jurisdictions?


On Thu, Mar 15, 2012 at 10:37 AM, Seth David Schoen <schoen at> wrote:

> James Losey writes:
> > If the registry is wrong on a global level I can see where DNSSEC might
> not
> > be sufficient. However, if a man-in-the-middle attack attempts to spook
> an
> > attack to users in one region isn't this a case where DNSSEC would be
> > effective, and result in an error
> > code<>?
> > My understanding is that implementation of DNSSEC limits the ability for
> > lazy censorship such as filtering queries (unless they simply gave a
> > false "Non-Existent
> > Domain" return code) or redirecting queries to other websites, both of
> > which would be goals of interest to members of this list.
> I might have misunderstood what the original poster was referring to,
> in which case I apologize for making a misleading claim about what this
> thread was about.  I thought the original poster was referring to
> domain name seizures, not spoofed replies to DNS queries.  I agree
> that DNSSEC is useful for detecting spoofed replies to queries.
> --
> Seth Schoen  <schoen at>
> Senior Staff Technologist             
> Electronic Frontier Foundation        
> 454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list