Verisign's Wildcard A-Records and DNSSEC Plans?

Simon Josefsson jas at extundo.com
Tue Sep 16 08:58:29 PDT 2003


Bill Stewart <bill.stewart at pobox.com> writes:

> Matt - I'm interested in finding out Verisign's plans for
> DNSSEC support for the *.com and *.net wildcards.
> Are there obvious semantics for securing them?

Bill, I'm not Matt, but you may want to refer to the DNSSEC standard,
it answers your question: <http://www.ietf.org/rfc/rfc2535.txt>.
Wildcards work fine with DNSSEC.

I believe DNSSEC is the least of our worries, since DNSSEC is not used
in production, and likely won't be in its current incarnation anyway.

Wildcards in DNS at the TLD level are already used (e.g. '.nu'), so
that isn't something new, and the consequences are fairly well known.

What is new, on the other hand, is the buggy SMTP server that
responds to all non-registered hosts.  Analyzing the consequences this
has for various anti-spam approaches might be an interesting exercise.
Same goes for other protocols that, like SMTP, behave differently
depending on if a host doesn't exist or refuses the connection.

Regards,
Simon
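
Added example, not part of the original message: one anti-spam approach affected by a TLD wildcard is the check that a sender's domain resolves at all. The code below puts that naive check next to a wildcard-aware one; the resolver is a constructed in-memory stand-in for a zone, and every function name, domain and address in it is an assumption made for illustration.

```python
import secrets

class NXDomain(Exception):
    """Raised by a resolver when the queried name does not exist."""

# Constructed sample zone data (documentation addresses, not real records).
REGISTERED = {"example.com": "192.0.2.10"}
WILDCARD_IP = "198.51.100.1"

def make_resolver(registered, wildcard_ip):
    """Hypothetical stand-in for a TLD zone; wildcard_ip=None means no wildcard."""
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in registered:
            return {registered[name]}
        if wildcard_ip is None:
            raise NXDomain(name)
        return {wildcard_ip}          # the wildcard answers for everything else
    return resolve

def naive_domain_exists(domain, resolve):
    """Classic check: accept the sender domain if it resolves to anything."""
    try:
        return bool(resolve(domain))
    except NXDomain:
        return False

def wildcard_aware_domain_exists(domain, resolve, probes=2):
    """Treat an answer that matches the parent zone's wildcard as 'no such host'."""
    try:
        answer = resolve(domain)
    except NXDomain:
        return False
    # Only the immediate parent zone is probed (e.g. "com" for "example.com").
    parent = domain.lower().rstrip(".").split(".", 1)[-1]
    wildcard_ips = set()
    for _ in range(probes):
        probe = f"{secrets.token_hex(12)}.{parent}"   # name nobody registered
        try:
            wildcard_ips |= resolve(probe)
        except NXDomain:
            return True               # parent has no wildcard: answer is real
    return not answer <= wildcard_ips
```

A registered domain that deliberately points at the wildcard address would be rejected by the second check, so the result is a signal to weigh, not proof of non-existence.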




