[kictanet] KENIC is wanting

Michuki Mwangi michuki at swiftkenya.com
Tue Mar 30 19:54:00 EAT 2010


Hi Robert,

robert yawe wrote:
> Hi,
> 
> How safe is .ke if the servers have questionable security certificates?
> It seems we are taking these ccTLD issues very lightly.
> 

Funny that you interpret a self-signed certificate as taking ccTLD
issues lightly.

> After attending ICANN I am now more informed about the importance of
> secure servers and the costs of lax DNS issues.
> 

I am still trying to see the relationship between an OpenSSL self-signed CA
and DNS security. You may want to provide more details on what your
understanding of secure servers is and where KENIC is failing.


From my understanding, if KENIC were running:

a) Open recursive authoritative DNS servers for .KE
b) A vulnerable version of BIND or whatever DNS server they run
c) Without slave DNS servers distributed according to RFC 2182
d) Unable to secure the .KE database (please see ICANN's ICP1 document)
e) Not adhering to recommendations available from the two documents
mentioned above,

then I would have a cause for concern.

However, if KENIC has gone to the extent of providing a Secure HTTP
connection to their whois page (it's like Google providing an https
session to the Google search page), and they are at fault because they
did not pay a recognized Certificate Authority to have their certificate
signed, then I am at a loss as to what the meaning of lax DNS issues is.

Regards,

Michuki.
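
Added example, not part of the original message: one way an operator could audit item (a) above on their own name servers is to send a query with the RD bit set for a name outside the zones the server is authoritative for, then read the RA bit, RCODE and answer count in the reply header (RFC 1035). The function names, the three classification labels and the two sample headers are constructed for this illustration.

```python
import socket
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

# Constructed 12-byte sample headers (not captured from any real server):
REFUSED_SAMPLE = bytes.fromhex("123481050001000000000000")   # QR|RD, rcode=5 REFUSED
RECURSED_SAMPLE = bytes.fromhex("123481800001000100000000")  # QR|RD|RA, one answer

def build_query(qname, qtype=1, txid=0x1234):
    """Build a DNS query with RD set (qtype 1 = A record)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into the fields the audit needs."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def classify(response, txid=0x1234):
    """Classify the reply to an out-of-zone query sent with RD=1."""
    h = parse_header(response)
    if not h["qr"] or h["id"] != txid:
        return "invalid"
    if h["ra"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "open-recursive"        # resolved a name it is not authoritative for
    if h["ra"]:
        return "recursion-advertised"  # RA set but no answer; review the config
    return "authoritative-only"        # RA clear: recursion not offered

def probe(server_ip, out_of_zone_name, timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(out_of_zone_name), (server_ip, 53))
        return classify(s.recv(4096))
```
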
