From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gettysjim@gmail.com>
Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com
	[IPv6:2607:f8b0:4003:c01::234])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 18ED221F1D6
	for <cerowrt-devel@lists.bufferbloat.net>;
	Thu, 20 Mar 2014 09:52:20 -0700 (PDT)
Received: by mail-ob0-f180.google.com with SMTP id wn1so1205404obc.11
	for <cerowrt-devel@lists.bufferbloat.net>;
	Thu, 20 Mar 2014 09:52:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:sender:in-reply-to:references:date:message-id:subject
	:from:to:cc:content-type;
	bh=BFxqtQhOQzg35GlFdfTLPIhksINFc2MHe5Ipy/fwmig=;
	b=TziuDD8ltvcH6LlJPNJNXMUD0MI2o+kdTfSpcl9bnjWoRolKSe7+W0NR1nYJQtTjHF
	m2P3u4qzFHWi00ceg1v6yGEXZCFQ9AdnF7h9FXHVQ/QmrjMJMKFm+iZrHXDEnxYjyagK
	mRuUKlkFy3I6I/0VZ6v69CoP++qg+bmIItPV5zpTNWrhP3NiEAsnGswC7o2j54t1l85V
	VEC5HSTQTCyVgXts7hBozB2FnXN9EDqaXpr7Mkb23uNYTc+pUV7saa9S8rFyjaQz2Ki7
	QDvES7/yW3JSE/vOpAQLPu71+cyDGxFPv565Jt0NfeQc1CEKEKjCJ8f763jRlXyjy5lh
	cc8Q==
MIME-Version: 1.0
X-Received: by 10.182.148.106 with SMTP id tr10mr6836129obb.65.1395334339168; 
	Thu, 20 Mar 2014 09:52:19 -0700 (PDT)
Sender: gettysjim@gmail.com
Received: by 10.76.84.162 with HTTP; Thu, 20 Mar 2014 09:52:19 -0700 (PDT)
In-Reply-To: <CAK-n8j6gXGnQeEk1NG+w0hEkFEkHUX5y1rpJVeYnSnqCTQU_6g@mail.gmail.com>
References: <CAK-n8j6gXGnQeEk1NG+w0hEkFEkHUX5y1rpJVeYnSnqCTQU_6g@mail.gmail.com>
Date: Thu, 20 Mar 2014 12:52:19 -0400
X-Google-Sender-Auth: B0g7haDkQf4UuaiEyFjIxx1TuKE
Message-ID: <CAGhGL2B90b1FUh+YhFugMkj0WyqF_-taxeH4tAHnn5iyrtjwSQ@mail.gmail.com>
From: Jim Gettys <jg@freedesktop.org>
To: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Content-Type: multipart/alternative; boundary=089e012940d8a1840b04f50c9701
Cc: "cerowrt-devel@lists.bufferbloat.net" <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] [Internet Service] Providers ignore routing and
 DNS security: experts
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Thu, 20 Mar 2014 16:52:20 -0000

--089e012940d8a1840b04f50c9701
Content-Type: text/plain; charset=ISO-8859-1

On Wed, Mar 19, 2014 at 7:12 PM, Jim Reisert AD1C <jjreisert@alum.mit.edu>wrote:

> "The temporary re-routing of the network that hosts Google's public
> Domain Name System (DNS) servers shows that large parts of the
> internet are open to hijacking, with attackers easily being able to
> capture, alter and redirect traffic without users' knowledge, experts
> say."
>
>
> http://www.itnews.com.au/News/375374,providers-ignore-routing-and-dns-security-experts.aspx


I gather from folks at Google that they have been working on DNSsec for a
while. It's more complicated for Google's services than for most people.
 This was from interactions before this event.

Dunno when they will start turning it on.  It will be phased in across
different services at different times.  I suspect this event has upped the
urgency, of course.  And whether others are learning from this event is as
always unclear.
                                 - Jim


>
> --
> Jim Reisert AD1C, <jjreisert@alum.mit.edu>, http://www.ad1c.us
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

--089e012940d8a1840b04f50c9701
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-size:small"><br=
></div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Wed=
, Mar 19, 2014 at 7:12 PM, Jim Reisert AD1C <span dir=3D"ltr">&lt;<a href=
=3D"mailto:jjreisert@alum.mit.edu" target=3D"_blank">jjreisert@alum.mit.edu=
</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex">&quot;The temporary re-routing of the network that hosts G=
oogle&#39;s public<br>

Domain Name System (DNS) servers shows that large parts of the<br>
internet are open to hijacking, with attackers easily being able to<br>
capture, alter and redirect traffic without users&#39; knowledge, experts<b=
r>
say.&quot;<br>
<br>
<a href=3D"http://www.itnews.com.au/News/375374,providers-ignore-routing-an=
d-dns-security-experts.aspx" target=3D"_blank">http://www.itnews.com.au/New=
s/375374,providers-ignore-routing-and-dns-security-experts.aspx</a></blockq=
uote>
<div><br></div><div class=3D"gmail_default">I gather from folks at Google t=
hat they have been working on DNSsec for a while. It&#39;s more complicated=
 for Google&#39;s services than for most people. =A0This was from interacti=
ons before this event.</div>
<div class=3D"gmail_default"><br></div><div class=3D"gmail_default" style=
=3D"font-size:small">Dunno when they will start turning it on. =A0It will b=
e phased in across different services at different times. =A0I suspect this=
 event has upped the urgency, of course. =A0And whether others are learning=
 from this event is as always unclear.</div>
<div class=3D"gmail_default" style=3D"font-size:small">=A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0- Jim</div><div class=3D"gma=
il_default" style=3D"font-size:small"><br></div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-=
color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
<span class=3D""><font color=3D"#888888"><br>
--<br>
Jim Reisert AD1C, &lt;<a href=3D"mailto:jjreisert@alum.mit.edu">jjreisert@a=
lum.mit.edu</a>&gt;, <a href=3D"http://www.ad1c.us" target=3D"_blank">http:=
//www.ad1c.us</a><br>
_______________________________________________<br>
Cerowrt-devel mailing list<br>
<a href=3D"mailto:Cerowrt-devel@lists.bufferbloat.net">Cerowrt-devel@lists.=
bufferbloat.net</a><br>
<a href=3D"https://lists.bufferbloat.net/listinfo/cerowrt-devel" target=3D"=
_blank">https://lists.bufferbloat.net/listinfo/cerowrt-devel</a><br>
</font></span></blockquote></div><br></div></div>

--089e012940d8a1840b04f50c9701--