U.S. DoC SSAC says DNS redirections a no no.
Joe Baptista
http://joebaptista.wordpress.com/2009/06/24/u-s-doc-ssac-says-dns-redirections-a-no-no/
U.S. DoC SSAC says DNS redirections a no no.
June 24, 2009
Joe Baptista says Don't Panic ... SSAC is a joke.
This is serious stuff folks! Do we Internet users trust the U.S. government with the keys to our computers? I don’t! CLICK to VOTE.
A review of a report published June 10 2009 from the Security and Stability Advisory Committee (SSAC), a U.S. government contractor.
SSAC a committee of the Internet Corporation for Assigned Names and Numbers (ICANN), the government contractor who runs most of the planets Internet on behalf of the U.S., in a recent report claims that DNS redirections present a potential security risk. It further claimed the practice could result in an “erosion of trust relationships and the creation of new opportunities for malicious attack”. The report recommends that ICANN “prohibit the use of redirection and synthesized responses by new TLDs”.
The claim is nonsense and self serving. DNS redirection does not pose a security risk to the Internet. It solves a number of technical issues related to traffic and is an excellent marketing tool for Internet service providers and Top-Level Domain (TLD) operators.
I think the report is self serving because the sole justification for this report is found in the claim that the practice, extensively used by service providers and TLD operators, is an “erosion of trust relationships”. The only trust being eroded is ICANN’s ability to control the Internet.
The “erosion of trust” reference is in fact ICANN speak to make all of us compliant with DNSSEC (Domain Name System Security Extensions). DNSSEC does not work under DNS redirection.
DNSSEC = CONTROL
DNSSEC is an evil protocol who’s sole purpose is to reverse engineer the Internet and take over control of a core process. In short ICANN an agency of the U.S. Government wants to hold the keys to your computer. DNSSEC forces any computer using the protocol to trust Uncle Sam. Are you ready for that. I’m not.
Top level domain (TLD) operators are increasingly adopting the practice of redirecting queries for inactive domains to their own pages. This solve a big problem some operators have. The constant traffic at TLD servers for dead domains. It also is a marketing opportunity and a means of generating sales for TLD registries.
In most cases a notice to the user is given that the domain no longer exists but is available for purchase. The user gets a simple to understand web page and the TLD operator makes some bucks on a sale. I see nothing wrong with that. I think we call it commerce.
ICANN will attempt to control DNS redirection via contracts with new TLD operators. There is nothing ICANN can do about service providers redirecting traffic or existing contracts with legacy TLD operators.
EOL
--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative & Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
Personal: www.joebaptista.wordpress.com