[kictanet] KENIC is wanting

robert yawe robertyawe at yahoo.co.uk
Sat Apr 3 12:06:51 EAT 2010


Hi,

A self signed certificate that my browser treats as a masquerading site that is unsafe, lets stop deceiving ourself that we are an island in the vast internet we have to comply with big brother.

Have you ever tried to understand why you locally issued debit card has a VISA sign on it?

Regards
 Robert Yawe
KAY System Technologies Ltd
Phoenix House, 6th Floor
P O Box 55806 Nairobi, 00200
Kenya


Tel: +254722511225, +254202010696




________________________________
From: Michuki Mwangi <michuki at swiftkenya.com>
To: robertyawe at yahoo.co.uk
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Sent: Tue, 30 March, 2010 19:54:00
Subject: Re: [kictanet] KENIC is wanting

Hi Robert,

robert yawe wrote:
> Hi,
> 
> How safe is .ke if the servers have questionable security certificates,
> it seems we are taking this ctld issues very lightly.
> 

Funny that you interpret a self signed certificate as taking ccTLD
issues lightly.

> After attending ICANN I am now more informed about the importance of
> secure servers and the costs of lax dns issues.
> 

Am still trying to see the relationship between a openSSL self signed CA
and DNS security. You may want to provide more details on what your
understanding of secure servers is and where KENIC is failing.


From my understanding if KENIC were running;

a) Open recursive authoritative DNS servers for .KE
b) A vulnerable version of BIND or whatever DNS server they run
c) Without slave DNS servers distributed according to rfc2182
d) Unable to secure the .KE database (please see ICANN's ICP1 document)
e) not adhering to recommendations available from the two documents
mentioned above,

Then i would have a cause for concern.

However, if KENIC has gone to the extent of providing Secure HTTP
connection to their whois page page (its like google providing https
session to the google search page) - and they are at fault because they
did not pay a recognized Certificate Authority to have their certificate
signed. Then am at a loss of what the meaning of lax DNS issues are.

Regards,

Michuki.

_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: robertyawe at yahoo.co.uk
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/robertyawe%40yahoo.co.uk



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20100403/4f7882bb/attachment.htm>


More information about the KICTANet mailing list