Hi Robert,

robert yawe wrote:
> Hi,
> How safe is .ke if the servers have questionable security certificates? It seems we are taking these ccTLD issues very lightly.

Funny that you interpret a self-signed certificate as taking ccTLD issues lightly.

> After attending ICANN I am now more informed about the importance of secure servers and the costs of lax DNS issues.

I am still trying to see the relationship between an OpenSSL self-signed CA and DNS security. You may want to provide more details on what your understanding of secure servers is and where KENIC is failing.

From my understanding, if KENIC were running:
a) Open recursive authoritative DNS servers for .KE
b) A vulnerable version of BIND or whatever DNS server they run
c) Without slave DNS servers distributed according to RFC 2182
d) Unable to secure the .KE database (please see ICANN's ICP1 document)
e) not adhering to recommendations available from the two documents mentioned above,

then I would have a cause for concern.

However, if KENIC has gone to the extent of providing a Secure HTTP connection to their whois page (it's like Google providing an HTTPS session to the Google search page) and they are at fault because they did not pay a recognized Certificate Authority to have their certificate signed, then I am at a loss as to what the meaning of lax DNS issues is.

Regards,
Michuki.
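
Item (a) in the list above is something an operator can audit from the DNS header alone: send a recursion-desired query for a name outside the server's zones and check whether the reply sets the RA (recursion available) bit and carries an answer. The sketch below is an added example, not part of the original message or any KENIC tooling; the function names, the test name `example.com` and the sample replies are constructed for illustration.

```python
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, RD, RA = 0x8000, 0x0100, 0x0080
REFUSED = 5

def build_query(name, qtype=1, txid=0x1234):
    """Encode a query for `name` with RD set, asking the server to recurse."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(packet):
    """Classify the reply to an RD=1 query for a name outside the server's zones."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-recursive"        # recursed and answered a foreign name
    if flags & RA:
        return "recursion-advertised"  # RA set, but this query was not answered
    return "authoritative-only"        # RA clear: refusal or referral only

def make_reply(query, flags, ancount):
    """Constructed sample reply: the query's question under a new header.
    Only the header is filled in, since that is all the classifier reads."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:]

QUERY = build_query("example.com")
SAMPLES = {  # constructed replies, not captured traffic
    "recursed and answered": make_reply(QUERY, QR | RD | RA, 1),
    "refused, RA clear": make_reply(QUERY, QR | RD | REFUSED, 0),
    "refused, RA still set": make_reply(QUERY, QR | RD | RA | REFUSED, 0),
}

if __name__ == "__main__":
    for label, packet in SAMPLES.items():
        print(f"{label}: {classify_response(packet)}")
```
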