[BBLISA] BGP and multicast (thread renamed)

Robert Keyes bob at sinister.com
Wed Jul 21 02:03:52 EDT 2010


On Wed, 21 Jul 2010, Bill Bogstad wrote:

> Things change and other things stop working.  Most people won't pay
> for "perfect solutions", they just want things to work NOW.  That's
> life...

They may work, but they are "hacks" and not something that should be 
implemented if there's not a better solution. So, I'd say that DNSSEC has 
some strikes against it, regardless of its "working now". I don't have 
access to the data that you or Dean cite, so I can't even begin to say who 
is right. But I can say that DNS is a pretty critical part of the Internet 
infrastructure and ought to be treated as such.

But again, I feel as though we are going off the original thread. This 
time, even further than my change of title suggests. It would be 
interesting discussing this with those interested over a beer some time, 
but I don't want to subject the rest of the list subscribers to that which 
they can't scrutinize and make decisions about. As it stands now, I don't 
use DNSSEC nor DNSCurve. I've known, and tried to publicize, the woefully 
inadequate security of the DNS infrastructure to those who were in power 
for many years. Before Kaminsky, by years. I even had managed to insert a 
new TLD in one of the root servers many years ago, just as an example of 
how badly flawed the architecture is. Vixie was abusive. Others ignored 
me. Being ignored, some of my data was either recovered or replicated by 
others such as Kaminsky. All I can say is: this new .xxx domain is going 
to cause DNS chaos like we've never seen before, due to the DoS'ing of DNS 
servers. But I've talked too long after saying we should snip it short.

Reply to me in private or CC to others who have shown interest in the 
topic.

-Bob



