[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
- To: Ted Lemon <Ted.Lemon@nominum.com>
- Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
- From: Ralph Droms <rdroms@cisco.com>
- Date: Thu, 07 Dec 2006 18:23:31 -0500
- Authentication-results: rtp-dkim-1; header.From=rdroms@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; );
- Cc: <shane_kerr@isc.org>, <namedroppers@ops.ietf.org>
- Delivery-date: Thu, 07 Dec 2006 23:25:28 +0000
- Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1291; t=1165533773; x=1166397773; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdroms@cisco.com; z=From:=20Ralph=20Droms=20<rdroms@cisco.com> |Subject:=20Re=3A=20Pimping=20DNSSEC=20(was=20Re=3A=20DNSSEC=20-=20Signat ure=20Only=20vs=20the=20MX/A=0A=20issue.) |Sender:=20 |To:=20Ted=20Lemon=20<Ted.Lemon@nominum.com>; bh=kKRdDunBkbQ78eg8QCWaZFY6i17KkTQz/eudR41iWaM=; b=YfYeTyv/yFxnD27T9N++B4N6tu4ya8p5eJ4TwSOhwcH2eWRE2baUxxPzcWXJ0KBIZwUCdmbA gudgg+rmqEI/4W24oTPo3XesDXSV3SYmLqr2x2DZEf0g9oPAddP+OPDm;
- Envelope-to: namedroppers-data@psg.com
- Thread-index: AccaVrUH87KulYZJEduPigARJOT6eg==
- Thread-topic: Pimping DNSSEC (was Re: DNSSEC - Signature Only vs the MX/A issue.)
- User-agent: Microsoft-Entourage/11.2.5.060620
Ted - I agree 100% that there are risks for loss of reputation, recovery
from customer losses due to fraud, etc. Perhaps those assets are as
tangible as direct theft of cash...
- Ralph
On 12/7/06 5:43 PM, "Ted Lemon" <Ted.Lemon@nominum.com> wrote:
> Ralph Droms wrote:
>> The immediate RoI isn't directly like locking your door, because you don't
>> have the risk of anything being stolen *directly* from you if you don't
>> apply DNSSEC to your zones. It's more indirect - somebody else trying to
>> access your website won't be robbed through a phishing attack if you put a
>> lock on your door.
>
> It depends on how much your reputation is worth. I was having dinner
> with a guy the other day whose site had been hacked using a SQL
> injection attack which resulted in customers' information being acquired
> and misused. He certainly didn't think that this was his customer's
> problem - indeed, his e-commerce site has been offline for three months
> now because they're so worried about the possibility of compromising
> their customer info again. DNSSEC doesn't solve this problem at all,
> but the point is that companies who don't have a monopoly, which is most
> companies, really do care whether their customers' transactions are safe.
>
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>