From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 18ED221F1D6 for ; Thu, 20 Mar 2014 09:52:20 -0700 (PDT) Received: by mail-ob0-f180.google.com with SMTP id wn1so1205404obc.11 for ; Thu, 20 Mar 2014 09:52:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=BFxqtQhOQzg35GlFdfTLPIhksINFc2MHe5Ipy/fwmig=; b=TziuDD8ltvcH6LlJPNJNXMUD0MI2o+kdTfSpcl9bnjWoRolKSe7+W0NR1nYJQtTjHF m2P3u4qzFHWi00ceg1v6yGEXZCFQ9AdnF7h9FXHVQ/QmrjMJMKFm+iZrHXDEnxYjyagK mRuUKlkFy3I6I/0VZ6v69CoP++qg+bmIItPV5zpTNWrhP3NiEAsnGswC7o2j54t1l85V VEC5HSTQTCyVgXts7hBozB2FnXN9EDqaXpr7Mkb23uNYTc+pUV7saa9S8rFyjaQz2Ki7 QDvES7/yW3JSE/vOpAQLPu71+cyDGxFPv565Jt0NfeQc1CEKEKjCJ8f763jRlXyjy5lh cc8Q== MIME-Version: 1.0 X-Received: by 10.182.148.106 with SMTP id tr10mr6836129obb.65.1395334339168; Thu, 20 Mar 2014 09:52:19 -0700 (PDT) Sender: gettysjim@gmail.com Received: by 10.76.84.162 with HTTP; Thu, 20 Mar 2014 09:52:19 -0700 (PDT) In-Reply-To: References: Date: Thu, 20 Mar 2014 12:52:19 -0400 X-Google-Sender-Auth: B0g7haDkQf4UuaiEyFjIxx1TuKE Message-ID: From: Jim Gettys To: Jim Reisert AD1C Content-Type: multipart/alternative; boundary=089e012940d8a1840b04f50c9701 Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] [Internet Service] Providers ignore routing and DNS security: experts X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 16:52:20 -0000 --089e012940d8a1840b04f50c9701 Content-Type: text/plain; charset=ISO-8859-1 On Wed, Mar 19, 2014 at 7:12 PM, Jim Reisert AD1C wrote: > "The temporary re-routing of the network that hosts Google's public > Domain Name System (DNS) servers shows that large parts of the > internet are open to hijacking, with attackers easily being able to > capture, alter and redirect traffic without users' knowledge, experts > say." > > > http://www.itnews.com.au/News/375374,providers-ignore-routing-and-dns-security-experts.aspx I gather from folks at Google that they have been working on DNSsec for a while. It's more complicated for Google's services than for most people. This was from interactions before this event. Dunno when they will start turning it on. It will be phased in across different services at different times. I suspect this event has upped the urgency, of course. And whether others are learning from this event is as always unclear. - Jim > > -- > Jim Reisert AD1C, , http://www.ad1c.us > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > --089e012940d8a1840b04f50c9701 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable


On Wed= , Mar 19, 2014 at 7:12 PM, Jim Reisert AD1C <jjreisert@alum.mit.edu= > wrote:
"The temporary re-routing of the network that hosts G= oogle's public
Domain Name System (DNS) servers shows that large parts of the
internet are open to hijacking, with attackers easily being able to
capture, alter and redirect traffic without users' knowledge, experts say."

http://www.itnews.com.au/New= s/375374,providers-ignore-routing-and-dns-security-experts.aspx

I gather from folks at Google t= hat they have been working on DNSsec for a while. It's more complicated= for Google's services than for most people. =A0This was from interacti= ons before this event.

Dunno when they will start turning it on. =A0It will b= e phased in across different services at different times. =A0I suspect this= event has upped the urgency, of course. =A0And whether others are learning= from this event is as always unclear.
=A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0- Jim



--
Jim Reisert AD1C, <jjreisert@a= lum.mit.edu>, http:= //www.ad1c.us
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.= bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

--089e012940d8a1840b04f50c9701--