Hi, A self signed certificate that my browser treats as a masquerading site that is unsafe, lets stop deceiving ourself that we are an island in the vast internet we have to comply with big brother. Have you ever tried to understand why you locally issued debit card has a VISA sign on it? Regards Robert Yawe KAY System Technologies Ltd Phoenix House, 6th Floor P O Box 55806 Nairobi, 00200 Kenya Tel: +254722511225, +254202010696 ________________________________ From: Michuki Mwangi <michuki@swiftkenya.com> To: robertyawe@yahoo.co.uk Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Sent: Tue, 30 March, 2010 19:54:00 Subject: Re: [kictanet] KENIC is wanting Hi Robert, robert yawe wrote:
Hi,
How safe is .ke if the servers have questionable security certificates, it seems we are taking this ctld issues very lightly.
Funny that you interpret a self signed certificate as taking ccTLD issues lightly.
After attending ICANN I am now more informed about the importance of secure servers and the costs of lax dns issues.
Am still trying to see the relationship between a openSSL self signed CA and DNS security. You may want to provide more details on what your understanding of secure servers is and where KENIC is failing. From my understanding if KENIC were running; a) Open recursive authoritative DNS servers for .KE b) A vulnerable version of BIND or whatever DNS server they run c) Without slave DNS servers distributed according to rfc2182 d) Unable to secure the .KE database (please see ICANN's ICP1 document) e) not adhering to recommendations available from the two documents mentioned above, Then i would have a cause for concern. However, if KENIC has gone to the extent of providing Secure HTTP connection to their whois page page (its like google providing https session to the google search page) - and they are at fault because they did not pay a recognized Certificate Authority to have their certificate signed. Then am at a loss of what the meaning of lax DNS issues are. Regards, Michuki. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: robertyawe@yahoo.co.uk Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/robertyawe%40yahoo.co.u...