I tried to spot the number of Top Level Domains which have been running with DNSSEC. The good news is that there are 64 TLDs which are DNSSEC-enabled. However, there is also a bad news. Some TLDs (e.g. "se.", "th." and "lk.") are not using NSEC3 algorithm which can results in all domain names being captured away by bad guys by just a single command. By all means, because of the huge amount of domain name records in TLDs, they should be signed with NSEC3 for DNSSEC implmentations. There is no other choice. My screen dump below :
This is Warren Kwok's Internet note pad, electronic diary, online rubbish journal, whatever you might name it ! It is an archive of my random thoughts in a chronological order. I am not good at reporting boring things and change them to lively. If you find this blog boring, sorry that it is your problem.
2011/03/25
2011/03/20
DNSSEC Debugger
Verisign has rolled out a web-based DNSSEC debugging tool. The URL is at http://dnssec-debugger.verisignlabs.com/. It is useful and handy for troubleshooting DNSSEC configuration faults.
2011/03/19
IPv6 in Verizon 4G LTE ?
Verizon has launched the 4G LTE services on 17 March 2011. News around the world told us that Verizon has mandated the use of IPv6 in mobile devices. I am are eager to know if IPv6 addresses are assigned to mobile terminals. If so, that will be the greatest development of IPv6 in this year. I am waiting for friends in US to find this out for me.
2011/03/12
Fuck PCCW
All PCCW customers please fuck this company. Its overseas Internet has been severely gone due to submarine cable damages during the earth quake yesterday. Yet no official announcement has been made. We are kept in the dark.
The same situation happened during the Taiwan earth quake happened on 30 December 2006 and PCCW also did nothing.
PCCW is hopeless. It never leans from mistakes.
The same situation happened during the Taiwan earth quake happened on 30 December 2006 and PCCW also did nothing.
PCCW is hopeless. It never leans from mistakes.
2011/03/11
Dual-core Android Phone
If computers can be dual-core, why not smartphones.
The good news is that dual-core Android Phone has arrived at Hong Kong. The model is LG Optimus 2X.
Its CPU is NVIDIA Tegra 2 running at 1 GHz clock. I am not sure about the RAM size. However, if it can run Android 2.2, the memory size should be above 512 MB. My estimate is that it has 1G RAM.
The good news is that dual-core Android Phone has arrived at Hong Kong. The model is LG Optimus 2X.
Its CPU is NVIDIA Tegra 2 running at 1 GHz clock. I am not sure about the RAM size. However, if it can run Android 2.2, the memory size should be above 512 MB. My estimate is that it has 1G RAM.
2011/03/07
ipad2 or Android 3.0
Which tablet should I buy, ipad2 or Android 3.0. I am amazed by the elegant style and lower price of ipad2. However, I am also a keen supporter of open source software. If I buy ipad2, I feel guilty, like I betray the open source community. Of course, I can not afford both.
2011/03/05
Reclaim Class E address
There have been suggestions to reclaim the Class E address for Internet use as a way to alleviate the problem of IPv4 address exhaustion. Class E is in the range 240.0.0.0 to 254.255.255.254 and is reserved for experimental use. The number of available IP address is 268 million.
The suggestions can not be considered because almost all routers, firewalls and operating systems treat Class E as invalid addresses. It is not possible to change billion devices already in use now. Besides, the address range can only support global allocation for about 18 months. Why should people change every single device just for the sake of 18 months and why not move to IPv6 directly which can last for 50 - 100 years !
2011/03/03
DNSSEC can replace digital certificates
I checked that I have written quite a lot on DNSSEC. One thing I miss is that DNSSEC can replace digital certificates in authenticating a website. Digital certificates are quite expensive and they have the function of payload encryption apart from authentication. In case traffic encryption is not required, DNSSEC can provide website authentication satisfactorily at zero cost.
I hope browsers can be equipped with visual indication of DNSSEC status when accessing websites.
I hope browsers can be equipped with visual indication of DNSSEC status when accessing websites.
Subscribe to:
Posts (Atom)