I've done a lot of work with DNS software and DNSSEC isn't really necessary.

Getting everyone to use well-written DNS software that doesn't honor
bogus answers is what's needed, e.g. http://cr.yp.to/djbdns.html

For more info on DNS forgery: http://cr.yp.to/djbdns/forgery.html
(it's no wonder DNSSEC isn't accepted).

If phishing is your concern, all the various forms of malware pose a 
much greater and more immediate threat... they are already stealing 
visitors, costing affiliate marketers a great deal of money, as well 
as directing unsuspecting surfers to fake phishing pages.

And, BTW, taking advice from slashdotters on this topic is kind of 
like taking stock tips from the bum down on the street corner.

-Russ



At 04:36 PM 12/7/2005, George Kirikos wrote:
>Hi,
>
>There was an article on DNSSEC on Slashdot today:
>
>http://it.slashdot.org/article.pl?sid=05/12/07/1640224&from=rss
>
>I was wondering whether this is something that would be offered by
>Tucows one day, like SSL certs? I think it's still a couple of years
>away, at least for .com, but if someone could write an executive
>summary as to what we need to think about, as resellers, that would be
>great.
>
>What it seems to be is a method to "sign" DNS responses, so that for
>example when a user requests "www.example.com", the true "A" record is
>returned, and not a faked reply from a phony nameserver that leads one
>to a site where phishing or other bad things can happen.
>
>Sincerely,
>
>George Kirikos
>http://www.kirikos.com/
>_______________________________________________
>domains-gen mailing list
>[email protected]
>http://discuss.tucows.com/mailman/listinfo/domains-gen
