<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:'times new roman', 'new york', times, serif;font-size:12pt"><div></div><div>Hi,</div><div><br></div><div>A self signed certificate that my browser treats as a masquerading site that is unsafe, let's stop deceiving ourselves that we are an island in the vast internet; we have to comply with big brother.</div><div><br></div><div>Have you ever tried to understand why your locally issued debit card has a VISA sign on it?</div><div><br></div><div>Regards<br> </div>Robert Yawe<br>KAY System Technologies Ltd<br>Phoenix House, 6th Floor<br>P O Box 55806 Nairobi, 00200<br>Kenya<br><br><div>Tel: +254722511225, +254202010696<div><br></div><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><br><div style="font-family:arial, helvetica, sans-serif;font-size:13px"><font size="2" face="Tahoma"><hr size="1"><b><span
style="font-weight: bold;">From:</span></b> Michuki Mwangi &lt;michuki@swiftkenya.com&gt;<br><b><span style="font-weight: bold;">To:</span></b> robertyawe@yahoo.co.uk<br><b><span style="font-weight: bold;">Cc:</span></b> KICTAnet ICT Policy Discussions &lt;kictanet@lists.kictanet.or.ke&gt;<br><b><span style="font-weight: bold;">Sent:</span></b> Tue, 30 March, 2010 19:54:00<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [kictanet] KENIC is wanting<br></font><br>Hi Robert,<br><br>robert yawe wrote:<br>> Hi,<br>> <br>> How safe is .ke if the servers have questionable security certificates,<br>> it seems we are taking these ccTLD issues very lightly.<br>> <br><br>Funny that you interpret a self signed certificate as taking ccTLD<br>issues lightly.<br><br>> After attending ICANN I am now more informed about the importance of<br>> secure servers and the costs of lax DNS issues.<br>> <br><br>Am still trying to see the
relationship between an OpenSSL self signed CA<br>and DNS security. You may want to provide more details on what your<br>understanding of secure servers is and where KENIC is failing.<br><br><br>From my understanding if KENIC were running;<br><br>a) Open recursive authoritative DNS servers for .KE<br>b) A vulnerable version of BIND or whatever DNS server they run<br>c) Without slave DNS servers distributed according to rfc2182<br>d) Unable to secure the .KE database (please see ICANN's ICP1 document)<br>e) Not adhering to recommendations available from the two documents<br>mentioned above,<br><br>Then I would have a cause for concern.<br><br>However, if KENIC has gone to the extent of providing Secure HTTP<br>connection to their whois page (it's like Google providing https<br>session to the Google search page) - and they are at fault because they<br>did not pay a recognized Certificate Authority to have their certificate<br>signed. Then am at a loss
of what the meaning of lax DNS issues are.<br><br>Regards,<br><br>Michuki.<br></div></div></div><div style="position:fixed"></div>
</div><br>
</body></html>