To:
Derek Atkins <warlord@MIT.EDU>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Cc:
namedroppers@ops.ietf.org, dnsop@cafax.se, dnssec@cafax.se
From:
"Hallam-Baker, Phillip" <pbaker@verisign.com>
Date:
Mon, 22 Jul 2002 13:22:06 -0700
Sender:
owner-dnsop@cafax.se
Subject:
RE: dnssec discussion today at noon
> You have clearly never been to an hotel where their Internet services > intercept all DNS queries regardless of where you send the message... > You cannot trust the infrastructure not to misbehave. Answer, I tend not to pay $10 per night just to surf the Internet from a hotel room and when I have I have been using a VPN which encrypts all the trafic. Question, what do you want the infrastructure to do in this situation? I believe that what a secure DNS infrastructure should do is inform you that you are subject to a DNS MiM attack. If you are going to use secure DNS then you probably want to use IPSEC to protect you trafic from hotel rooms and the like. If the institution blocks IPSEC then you should probably apply Moscow rules and not use the Internet at all. Phill