On Feb 16, 2007, at 9:00 AM, Lutz Donnerhacke wrote:
* David Conrad wrote:
Running a caching resolver daemon should not require any end-user configuration. Key management is not free in the first step.
Right. You have to run software update and click OK when new trust anchors need to be installed.

End-users don't run caching servers for historical reasons having to do with CPU cycles and available RAM (and perhaps poor choices regarding configuration files in particular DNS software implementations). Those reasons don't apply anymore.

Trusting the infrastructure between you and your ISP is merely creating a new target for attack. Or perhaps highlighting an existing target for attack. It also means you trust your ISP. As more and more ISPs see "sitefinder"-like functionality as a way of making more money faster, that trust is less and less tenable.

Rgds,
-drc