[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ike and secure DNS

To: smb@research.att.com (Steven M. Bellovin)
Subject: Re: ike and secure DNS
From: Bill Manning <bmanning@ISI.EDU>
Date: Wed, 11 Oct 2000 08:36:01 -0700 (PDT)
Cc: bmanning@ISI.EDU (Bill Manning), warlord@mit.edu (Derek Atkins), hugo@ee.technion.ac.il (Hugo Krawczyk), henry@spsystems.net (Henry Spencer), ipsec@lists.tislabs.com (ipsec)
In-Reply-To: <20001011152706.E479D35DC2@smb.research.att.com> from "Steven M. Bellovin" at Oct 11, 2000 11:27:05 AM
Sender: owner-ipsec@lists.tislabs.com

% 
% In message <200010111521.IAA25142@zed.isi.edu>, Bill Manning writes:
% >% My point is that the records of who owns (or has the delegation for, if 
% >% you prefer) address blocks are not very good.  Why sign something that 
% >% isn't correct to start with?
% >% 
% >% 		--Steve Bellovin
% >
% >What is the source of your concern?  That the various RIR whois data is 
% >inaccurate? Or that the delegations themselves are "busted", ie. no working
% >servers?
% 
% The former is the main issue.
% 
% 		--Steve Bellovin

Ah, a known issue. At least one RIR has baroque methods for updating
contact data and significant penelties (including fiscal) if the current 
rules are not enforced when an update is attempted. There is also limited 
encourgment to facilitate local administration of such data (eg. rWhois)
These conspire to ensure people do not touch the RIR data unless 
absolutely needed. But the DNS delegations work and it is possible to 
get accurate data from the delegation heirarchy even if the whois data
is wrong. And since we are talking about the DNS and not whois, I'm
less concerned.

--bill

References:

Re: ike and secure DNS

From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: Re: ike and secure DNS
Next by Date: Re: ike and secure DNS
Prev by thread: Re: ike and secure DNS
Next by thread: Safety of pre-shared keys? (Re: Reliable delete notifies)
Index(es):
- Main
- Thread