cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Teus Hagen <teus AT theunis.org>
- To: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
- Cc: Greg Stark <gstark AT electrorent.com>
- Subject: [Cacert-sysadm] [Fwd: Re: DNS Security Issue]
- Date: Tue, 03 Mar 2009 12:34:00 +0100
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
- Openpgp: id=85796A23
FYI
I think the crit. system admin can go ahead. Give board a week to use
possible veto right.
teus
--- Begin Message ---
- From: Teus Hagen <teus AT theunis.org>
- To: "'CAcert Board'" <cacert-board AT lists.cacert.org>
- Cc: Wytze van der Raay <wytze AT cacert.org>, Philipp Gühring <philipp AT cacert.org>, Mendel Mobach <mendel AT mobach.nl>
- Subject: Re: DNS Security Issue
- Date: Tue, 03 Mar 2009 12:21:45 +0100
- List-archive: <https://lists.cacert.org/wws/arc/cacert-board>
- List-id: <cacert-board.lists.cacert.org>
- Openpgp: id=85796A23
Proposal initiated by Greg is: CAcert should look into running own DNS
service.
Crit tech team says: We can and if needed we should run this.
Tech team suggests to run DNSsec as soon as possible.
Board to agree with this?
My input: yes and certainly DNSsec falls into the category where CAcert
should be in front.
So two (board has seven members) feedbacks are there now from the board
which say: OK
If no vetoes are sent from board members this week I would say go ahead.
Can crit. team look into this and take the lead? If board decisions are
needed on this issue please forward that to the board.
teus
On 03/03/2009 10:23 AM, Wytze van der Raay wrote:
> Teus Hagen wrote:
>
>> Better to forward this question to the tech. team?
>>
>> On 03/03/2009 02:50 AM, Greg Stark wrote:
>>
>>> Philipp, Guillaume, Evado, & Teus,
>>> Is there a technical (lack of expertise) or security reason we do not
>>> operate our own DNS service? If there are none, then I would recommend
>>> that we do so.
>>>
>
> There is certainly no lack of expertise here with operating a DNS service.
> As for security reasons: I don't know why CAcert is not running its own
> DNS service. There may be historical reasons which I don't know about.
> If we are to run our own DNS, I would consider this to be part of the
> critical services, together with web, database and signing.
> It would not immediately require a separate physical or logical server,
> but could be handled by the current web/db server. Of course for future
> expansion, splitting it off to a separate server would be easy.
> In the future, we should also be running DNSSEC for CACert.org
> (which adds some key management work and adds some load due to the
> underlying cryptography). .ORG is introducing DNSSEC right now, and
> general availability for .org zones is scheduled for next year (2010).
>
> Best regards,
> -- wytze
>
--- End Message ---