[dnssec-deployment] DNSSEC for ENUM
mcr at sandelman.ottawa.on.ca
Mon Jan 21 07:52:07 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Lutz" == Lutz Donnerhacke <lutz at iks-jena.de> writes:
Lutz> I'd like to inform you, that I try to get DNSSEC as a
Lutz> requirement for an upcoming ENUM seal. The risk of modified
Lutz> data (by hotels which want to prohibit VoIP or gouvernmental
Lutz> intercepting dreams) is too high for unverified
Lutz> information. OTOH ENUM is an area where DNSSEC drawbacks
Lutz> (bogus zones caused by mismaintainance) does not harm that
Lutz> much due to the POTS fallback.
I'm a bit confused by this threat analysis as it relates to hotels.
A hotel wants to prohibit VoIP/ENUM can just break the zone by
breaking DNSSEC, and that will cause a fallback to the hotels metered
PSTN. Or do you think that breaking DNSSEC will cause sufficient
complaints that the hotel will get no money for the internet connection?
In the case of ENUM, you don't have to break all the zones either,
just one or two.
Government interception, I see the point.
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
]mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
]panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dnssec-deployment