NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Russia
From:
McTim <[log in to unmask]>
Reply To:
McTim <[log in to unmask]>
Date:
Sat, 2 Dec 2017 21:38:02 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (36 lines) 
Hi Enrique,



On Sat, Dec 2, 2017 at 1:32 PM, Enrique Chaparro
<[log in to unmask]> wrote:
> There is an interesting side to consider — and if I were any of the
> BRICS governments I would have paid close attention to it): since
> DNSSEC extensions (RFCs 2535, 4033, 4034 and related ones) started
> to spread, the whole name system structure became completely dependent
> on a strongly hierachycal chain of authentication

correct

> relying on CAx

DNSSEC uses crypto signatures, not certificate authorities,



> which, if controlled by an adversary, could black out huge sectors
> of the 'net. DNSSEC is also prone to government snooping (and in
> this case that should be read as 'other governments' snooping).


nope, not prone to snooping by anyone, not anymore than the regular
DNS is prone to "snooping".


-- 
Cheers,

McTim
The 'name' of a resource indicates *what* we seek, an 'address'
indicates *where* it is, and a 'route' tells us *how to get there*.

ATOM RSS1 RSS2