Re: [fw-wiz] Allowing DNS servers to operate behind NetScreen 500

Date: 02/15/03

    To: Rob Payne
    Date: Sat, 15 Feb 2003 09:03:14 -0800

    > Tobias, is that some type of bait? DJB's ideas on the issue are quite
    > well known, he thinks we should all go back to a hosts file and
    > copying it from machine to machine. Are you using ``nym-based
    > security'', currently? When are you going to start?

    This is a ridiculous ad-hominem that has no relevance whatsoever to
    Bernstein's actual position in the DNS security controversy.

    At issue is whether any credible set of protocols and plans exists to
    cryptographically secure DNS with a hierarchy of keys. Since Vixie himself
    seems to have indicated that the DNSSEC protocols Bernstein has refused
    to implement were a false start, don't you feel a bit embarrassed using
    them as an excuse to bash an implementor on a public mailing list?

    If the moderators of fw-wizards want to let the list become a forum for
    debating DNSSEC and the DNS security proposals, so be it. I question
    whether the expertise exists on this list to make that a productive

    Thomas H. Ptacek
