Re: Question - Can DNSSEC be operated in a manner which meets Khaled mandates?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 On 7/22/2010 7:25 AM, Ted Ts'o wrote:
> On Wed, Jul 21, 2010 at 12:56:00PM -0700, todd glassey wrote:
>>  Folks - there is a Court Ruling from the 4th Appellate District which
>> is turning off Red Light Camera's everywhere and there is a question as
>> to whether that ruling would also effect how Secure DNS Services are run
>> and if so what would it do.
>>
>> The ruling is called California v Khaled and is getting significant
>> traction here in the State of California in all courts.
> I'd suggest that the IETF mailing list is probably not the best place
> to discuss whether or not a particular ruling regarding traffic
> cameras might be applicable to Secure DNS services.  That's really
> best done by a lawyer whom you have hired to represent you and your
> specific interests.
>
> I will note that one of the things begged by your rather opened-ended
> question is an assumption about the goals of Secure DNS.  If it is
> just to make it harder for DNS spoofing attacks to succeed, the answer
> is probably nothing (but check with a lawyer if you want to be sure;
> IANAL and I don't play one on TV).  If the goal is to establish a
> binding between a DNS name and an IP address which is suitable to be
> considered evidence in either a civil or criminal court of law, that's
> a different question.
>
> It's not clear to me that this latter goal is one that was considered
> one of high importantance when the Secure DNS design was first
> proposed --- or whether it's a goal that we should try to have now.
> This is especially true since there are a huge number of legal
> jourisdictions involved, and what might satisfy one appellate court
> might not satisfy another.
>
> Best regards,
>
> 					- Ted 

No offense Ted but this is exactly what I expect from you.

As it happens the reality is that the Use Model for DNSSEC which was in
fact set here in the IETF is critical to whether the DNSOP and DNSSEC
teams screwed the pooch by claiming that their secure DNS Service met
the legal requirements for evidence-systems operations. Or more
importantly - by intentionally and repeatedly refusing to review or meet
those in the design and operations-guidelines for the DNSSEC model which
is what many people said to that group formally

That you (or the management of the IETF and the DNSSEC initiative) would
try and duck around this now - that being their responsibility for that
set of decisions in the administrative and design process is yet another
reason the IETF needs much more transparency in its process  IMHO.

Todd Glassey



_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]