Internet Engineers to Congress: SOPA censorship will harm Internet security


7 Responses to “Internet Engineers to Congress: SOPA censorship will harm Internet security”

  1. SpaceBeers says:

    When do we find out the results of this?

  2. danimagoo says:

    Something tells me that this will be WAAAYY over the heads of congressmen who mostly still can’t understand what the internet is beyond “a series of tubes.”

  3. ComradeQuestions says:

    I’d be interested to hear more on how they envision DNS blocking to be a security risk.  I can imagine plenty of secondary issues, like people using insecure DNS that doesn’t block these sites, or sites being blocked which provide security services.  But I can’t think of how the act of simply breaking the DNS resolution of a site can have such dire consequences.  In fact, it’s pretty standard practice for network security people to prevent resolution of malicious domains on their own DNS servers.

    Which isn’t to say that these bills are a GOOD idea.  Far from it.  It just seems like they should provide more evidence of these issues, since we’re always complaining about pro-copyright legislation not being evidence-based.

    • SaberUK says:

      DNS blocking is incompatible with DNSSEC.

      • ComradeQuestions says:

        Ah, indeed:

        Though it seems at this point, without clients really doing DNSSEC enforcement, ISPs could simply set their resolvers to give NXDOMAIN replies to blacklisted sites without clients caring.  Though that’s certainly not sustainable with the ultimate goal of DNSSEC.

        Interesting that legislators didn’t simply put the mandate on domain registrars instead of ISPs.

      • Guest says:

        OK, so a SOPA blocked site in DNS returns a false response and DNSSEC shows the response has been tampered with.

        That is exactly what has happened, and the results are what you would expect. You don’t use the response and you don’t get to the site.

        I don’t see how SOPA is a good idea, but I don’t see how it interferes with DNSSEC if the goal is to prevent blocked sites from resolving.

  4. Matt Bennett says:

    News should be out at 10:30 CE, that’s what I was told.

Leave a Reply