Bill Stewart <bill.stewart@pobox.com> writes:
> Matt - I'm interested in finding out Verisign's plans for DNSSEC support for the *.com and *.net wildcards. Are there obvious semantics for securing them?
Bill, I'm not Matt, but you may want to refer to the DNSSEC standard; it answers your question: <http://www.ietf.org/rfc/rfc2535.txt>. Wildcards work fine with DNSSEC.

I believe DNSSEC is the least of our worries, since DNSSEC is not used in production, and likely won't be in its current incarnation anyway.

Wildcards in DNS at the TLD level are already used (e.g. '.nu'), so that isn't something new, and the consequences are fairly well known.

What is new, on the other hand, is the buggy SMTP server that responds to all non-registered hosts. Analyzing the consequences this has for various anti-spam approaches might be an interesting exercise. The same goes for other protocols that, like SMTP, behave differently depending on whether a host doesn't exist or refuses the connection.

Regards,
Simon