Comments on: Internet Engineers to Congress: SOPA censorship will harm Internet security http://boingboing.net/2011/12/15/internet-engineers-to-congress.html Brain candy for Happy Mutants Fri, 24 May 2013 08:44:00 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: Guest http://boingboing.net/2011/12/15/internet-engineers-to-congress.html#comment-1298771 Guest Fri, 16 Dec 2011 18:48:00 +0000 http://boingboing.net/?p=134422#comment-1298771 OK, so a SOPA blocked site in DNS returns a false response and DNSSEC shows the response has been tampered with. That is exactly what has happened, and the results are what you would expect. You don't use the response and you don't get to the site. I don't see how SOPA is a good idea, but I don't see how it interferes with DNSSEC if the goal is to prevent blocked sites from resolving. OK, so a SOPA blocked site in DNS returns a false response and DNSSEC shows the response has been tampered with.

That is exactly what has happened, and the results are what you would expect. You don’t use the response and you don’t get to the site.

I don’t see how SOPA is a good idea, but I don’t see how it interferes with DNSSEC if the goal is to prevent blocked sites from resolving.

]]> By: Matt Bennett http://boingboing.net/2011/12/15/internet-engineers-to-congress.html#comment-1297209 Matt Bennett Thu, 15 Dec 2011 16:08:00 +0000 http://boingboing.net/?p=134422#comment-1297209 News should be out at 10:30 CE, that's what I was told. News should be out at 10:30 CE, that’s what I was told.

]]> By: ComradeQuestions http://boingboing.net/2011/12/15/internet-engineers-to-congress.html#comment-1297196 ComradeQuestions Thu, 15 Dec 2011 15:45:00 +0000 http://boingboing.net/?p=134422#comment-1297196 Ah, indeed:  http://www.theregister.co.uk/2011/11/20/sopa_breaks_dnssec/ Though it seems at this point, without clients really doing DNSSEC enforcement, ISPs could simply set their resolvers to give NXDOMAIN replies to blacklisted sites without clients caring.  Though that's certainly not sustainable with the ultimate goal of DNSSEC. Interesting that legislators didn't simply put the mandate on domain registrars instead of ISPs. Ah, indeed:  http://www.theregister.co.uk/2011/11/20/sopa_breaks_dnssec/

Though it seems at this point, without clients really doing DNSSEC enforcement, ISPs could simply set their resolvers to give NXDOMAIN replies to blacklisted sites without clients caring.  Though that’s certainly not sustainable with the ultimate goal of DNSSEC.

Interesting that legislators didn’t simply put the mandate on domain registrars instead of ISPs.

]]> By: SaberUK http://boingboing.net/2011/12/15/internet-engineers-to-congress.html#comment-1297180 SaberUK Thu, 15 Dec 2011 15:23:00 +0000 http://boingboing.net/?p=134422#comment-1297180 DNS blocking is incompatible with DNSSEC. DNS blocking is incompatible with DNSSEC.

]]> By: ComradeQuestions http://boingboing.net/2011/12/15/internet-engineers-to-congress.html#comment-1297169 ComradeQuestions Thu, 15 Dec 2011 15:11:00 +0000 http://boingboing.net/?p=134422#comment-1297169 I'd be interested to hear more on how they envision DNS blocking to be a security risk.  I can imagine plenty of secondary issues, like people using insecure DNS that doesn't block these sites, or sites being blocked which provide security services.  But I can't think of how the act of simply breaking the DNS resolution of a site can have such dire consequences.  In fact, it's pretty standard practice for network security people to prevent resolution of malicious domains on their own DNS servers. Which isn't to say that these bills are a GOOD idea.  Far from it.  It just seems like they should provide more evidence of these issues, since we're always complaining about pro-copyright legislation not being evidence-based. I’d be interested to hear more on how they envision DNS blocking to be a security risk.  I can imagine plenty of secondary issues, like people using insecure DNS that doesn’t block these sites, or sites being blocked which provide security services.  But I can’t think of how the act of simply breaking the DNS resolution of a site can have such dire consequences.  In fact, it’s pretty standard practice for network security people to prevent resolution of malicious domains on their own DNS servers.

Which isn’t to say that these bills are a GOOD idea.  Far from it.  It just seems like they should provide more evidence of these issues, since we’re always complaining about pro-copyright legislation not being evidence-based.

]]> By: danimagoo http://boingboing.net/2011/12/15/internet-engineers-to-congress.html#comment-1297165 danimagoo Thu, 15 Dec 2011 15:10:00 +0000 http://boingboing.net/?p=134422#comment-1297165 Something tells me that this will be WAAAYY over the heads of congressmen who mostly still can't understand what the internet is beyond "a series of tubes." Something tells me that this will be WAAAYY over the heads of congressmen who mostly still can’t understand what the internet is beyond “a series of tubes.”

]]> By: SpaceBeers http://boingboing.net/2011/12/15/internet-engineers-to-congress.html#comment-1297152 SpaceBeers Thu, 15 Dec 2011 15:04:00 +0000 http://boingboing.net/?p=134422#comment-1297152 When do we find out the results of this? When do we find out the results of this?

]]>