<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_01_22_1540205</id>
	<title>80% of .gov Web Sites Miss DNSSEC Deadline</title>
	<author>kdawson</author>
	<datestamp>1264176720000</datestamp>
	<htmltext>netbuzz writes <i>"Eighty percent of US federal agencies &mdash; including the Department of Homeland Security &mdash; have <a href="http://www.networkworld.com/news/2010/012010-dns-security-deadline-missed.html">missed a deadline to deploy DNS Security Extensions</a>, a new authentication mechanism designed to prevent hackers from hijacking Web traffic. The deadline that whooshed by was Dec. 31, 2009. Experts disagree as to whether this level of deployment represents a failure or reasonable progress toward meeting a mandate set by the Office of Management and Budget in the summer of 2008. OMB officials declined to say why the agency hasn't enforced the DNSSEC deadline for executive branch departments."</i></htmltext>
<tokenext>netbuzz writes " Eighty percent of US federal agencies    including the Department of Homeland Security    have missed a deadline to deploy DNS Security Extensions , a new authentication mechanism designed to prevent hackers from hijacking Web traffic .
The deadline that whooshed by was Dec. 31 , 2009 .
Experts disagree as to whether this level of deployment represents a failure or reasonable progress toward meeting a mandate set by the Office of Management and Budget in the summer of 2008 .
OMB officials declined to say why the agency has n't enforced the DNSSEC deadline for executive branch departments .
"</tokentext>
<sentencetext>netbuzz writes "Eighty percent of US federal agencies — including the Department of Homeland Security — have missed a deadline to deploy DNS Security Extensions, a new authentication mechanism designed to prevent hackers from hijacking Web traffic.
The deadline that whooshed by was Dec. 31, 2009.
Experts disagree as to whether this level of deployment represents a failure or reasonable progress toward meeting a mandate set by the Office of Management and Budget in the summer of 2008.
OMB officials declined to say why the agency hasn't enforced the DNSSEC deadline for executive branch departments.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30866330</id>
	<title>Re:I'm not a huge fan of DHS either</title>
	<author>e9th</author>
	<datestamp>1264173960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Who comes up with names like these?  "Homeland" <i>is</i> disturbingly close to "Vaterland."  Wouldn't "domestic" have worked?<br>My county renamed the Sheriff's Office to "Department of Public Safety," bringing to mind that laff-riot Reign of Terror during the French Revolution.<br> <br>And yes, DHS could easily have been made part of the FBI or the US Marshals Service, if it needs to exist at all.</htmltext>
<tokenext>Who comes up with names like these ?
" Homeland " is disturbingly close to " Vaterland .
" Would n't " domestic " have worked ? My county renamed the Sheriff 's Office to " Department of Public Safety , " bringing to mind that laff-riot Reign of Terror during the French Revolution .
And yes , DHS could easily have been made part of the FBI or the US Marshals Service , if it needs to exist at all .</tokentext>
<sentencetext>Who comes up with names like these?
"Homeland" is disturbingly close to "Vaterland.
"  Wouldn't "domestic" have worked? My county renamed the Sheriff's Office to "Department of Public Safety," bringing to mind that laff-riot Reign of Terror during the French Revolution.
And yes, DHS could easily have been made part of the FBI or the US Marshals Service, if it needs to exist at all.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860858</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30876554</id>
	<title>Re:I'm not a huge fan of DHS either</title>
	<author>bill_mcgonigle</author>
	<datestamp>1264365060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>I take issue with the name itself as well; "homeland" puts pictures of Nazi Germany in my head. Maybe they did that on purpose?</i></p><p>I'm not going to Godwin you, but you do get a citation for 'ignoring a common cause'.  The US has increasingly trended towards fascism (the actual political system, not the angsty high school usage).</p></htmltext>
<tokenext>I take issue with the name itself as well ; " homeland " puts pictures of Nazi Germany in my head .
Maybe they did that on purpose ? I 'm not going to Godwin you , but you do get a citation for 'ignoring a common cause' .
The US has increasingly trended towards fascism ( the actual political system , not the angsty high school usage ) .</tokentext>
<sentencetext>I take issue with the name itself as well; "homeland" puts pictures of Nazi Germany in my head.
Maybe they did that on purpose? I'm not going to Godwin you, but you do get a citation for 'ignoring a common cause'.
The US has increasingly trended towards fascism (the actual political system, not the angsty high school usage).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860858</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30865898</id>
	<title>Re:Good...</title>
	<author>Tacvek</author>
	<datestamp>1264169580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Off Topic: I just tried the netalyzr with some interesting results. When I run it under Firefox 3.6 I get terrible results for HTTP caching. Of note is that the "directly and explicitly" request tests for strongly and weakly uncachable data fail. When I run it under Chrome I get the expected results of no indication of an HTTP cache. So I suspect Firefox may be interfering with the HTTP caching tests.</p><p>I would like to suggest another port test, for port 6667, the default port for Internet Relay Chat. Since many Botnet viruses use IRC for command and control, some ISPs have blocked port 6667 in the hopes that by preventing the infections from phoning home, the machines will not function as zombies.</p></htmltext>
<tokenext>Off Topic : I just tried the netalyzr with some interesting results .
When I run it under Firefox 3.6 I get terrible results for HTTP caching .
Of note is that the " directly and explicitly " request tests for strongly and weakly uncachable data fail .
When I run it under Chrome I get the expected results of no indication of an HTTP cache .
So I suspect Firefox may be interfering with the HTTP caching tests . I would like to suggest another port test , for port 6667 , the default port for Internet Relay Chat .
Since many Botnet viruses use IRC for command and control , some ISPs have blocked port 6667 in the hopes that by preventing the infections from phoning home , the machines will not function as zombies .</tokentext>
<sentencetext>Off Topic: I just tried the netalyzr with some interesting results.
When I run it under Firefox 3.6 I get terrible results for HTTP caching.
Of note is that the "directly and explicitly" request tests for strongly and weakly uncachable data fail.
When I run it under Chrome I get the expected results of no indication of an HTTP cache.
So I suspect Firefox may be interfering with the HTTP caching tests. I would like to suggest another port test, for port 6667, the default port for Internet Relay Chat.
Since many Botnet viruses use IRC for command and control, some ISPs have blocked port 6667 in the hopes that by preventing the infections from phoning home, the machines will not function as zombies.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860868</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860768</id>
	<title>Re:I'm not a huge fan of DHS either</title>
	<author>Zibri</author>
	<datestamp>1264182480000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Seems that most of the larger (well-known) *.govs haven't deployed dnssec. I tried cia.gov, fbi.gov, nsa.gov (!), state.gov, whitehouse.gov, ins.gov, irs.gov... state.gov was the only one I found having published a DNSKEY rr. (I just picked a few at random I knew)</p></htmltext>
<tokenext>Seems that most of the larger ( well-known ) * .govs have n't deployed dnssec .
I tried cia.gov , fbi.gov , nsa.gov ( !
) , state.gov , whitehouse.gov , ins.gov , irs.gov... state.gov was the only one I found having published a DNSKEY rr .
( I just picked a few at random I knew )</tokentext>
<sentencetext>Seems that most of the larger (well-known) *.govs haven't deployed dnssec.
I tried cia.gov, fbi.gov, nsa.gov (!
), state.gov, whitehouse.gov, ins.gov, irs.gov... state.gov was the only one I found having published a DNSKEY rr.
(I just picked a few at random I knew)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860842</id>
	<title>Re:I'm not a huge fan of DHS either</title>
	<author>Smallpond</author>
	<datestamp>1264182780000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><div class="quote"><p>Seriously, this time I could even understand if it was not released for "reasons of national security". It would be one of the few cases where that excuse actually makes sense.</p></div>
<p>Because the terrorists who are going to attack using a sophisticated DNS cache poisoning technique are obviously too stupid to download a list of government websites and go through them one-by-one to see which are using DNSSEC.</p>
	</htmltext>
<tokenext>Seriously , this time I could even understand if it was not released for " reasons of national security " .
It would be one of the few cases where that excuse actually makes sense .
  Because the terrorists who are going to attack using a sophisticated DNS cache poisoning technique are obviously too stupid to download a list of government websites and go through them one-by-one to see which are using DNSSEC .</tokentext>
<sentencetext>Seriously, this time I could even understand if it was not released for "reasons of national security".
It would be one of the few cases where that excuse actually makes sense.
  Because the terrorists who are going to attack using a sophisticated DNS cache poisoning technique are obviously too stupid to download a list of government websites and go through them one-by-one to see which are using DNSSEC.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404</id>
	<title>I'm not a huge fan of DHS either</title>
	<author>NevarMore</author>
	<datestamp>1264180680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'm not a huge fan of DHS, but come on there are so many other government agencies that hardly ever get any abuse at all. DHS has had a lot of cock ups, and should be ridden hard to shape up or dissolve, but this is hardly an opening sentence kind of cock up.</p><p>Now where is the full list of orgs that have or have not done it? I suspect it's going to be a lot like reading the pork report.</p></htmltext>
<tokenext>I 'm not a huge fan of DHS , but come on there are so many other government agencies that hardly ever get any abuse at all .
DHS has had a lot of cock ups , and should be ridden hard to shape up or dissolve , but this is hardly an opening sentence kind of cock up . Now where is the full list of orgs that have or have not done it ?
I suspect it 's going to be a lot like reading the pork report .</tokentext>
<sentencetext>I'm not a huge fan of DHS, but come on there are so many other government agencies that hardly ever get any abuse at all.
DHS has had a lot of cock ups, and should be ridden hard to shape up or dissolve, but this is hardly an opening sentence kind of cock up. Now where is the full list of orgs that have or have not done it?
I suspect it's going to be a lot like reading the pork report.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860576</id>
	<title>Unrealistic deadlines?</title>
	<author>adosch</author>
	<datestamp>1264181400000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext>This is probably more of a classic case of unrealistic deadlines imposed on Gov't agencies/IT contractors by Gov't security desk jockeys and/or congressmen without a clue.  I'm sure the infrastructure is convoluted to begin with and I'm sure whatever planning testing was probably rushed.  On top of that, I've never known *anything* in the government to 1) rarely meet a deadline on time, 2) accomplish a task on time without an exorbitant amount of hiccups to deal with, or  3) be successful without being strangled by miles of bureaucratic red tape.  I'm not making an excuse, just seems pretty plausible considering <i>who</i> we are talking about here.</htmltext>
<tokenext>This is probably more of a classic case of unrealistic deadlines imposed on Gov't agencies/IT contractors by Gov't security desk jockeys and/or congressmen without a clue .
I 'm sure the infrastructure is convoluted to begin with and I 'm sure whatever planning testing was probably rushed .
On top of that , I 've never known * anything * in the government to 1 ) rarely meet a deadline on time , 2 ) accomplish a task on time without an exorbitant amount of hiccups to deal with , or 3 ) be successful without being strangled by miles of bureaucratic red tape .
I 'm not making an excuse , just seems pretty plausible considering who we are talking about here .</tokentext>
<sentencetext>This is probably more of a classic case of unrealistic deadlines imposed on Gov't agencies/IT contractors by Gov't security desk jockeys and/or congressmen without a clue.
I'm sure the infrastructure is convoluted to begin with and I'm sure whatever planning testing was probably rushed.
On top of that, I've never known *anything* in the government to 1) rarely meet a deadline on time, 2) accomplish a task on time without an exorbitant amount of hiccups to deal with, or  3) be successful without being strangled by miles of bureaucratic red tape.
I'm not making an excuse, just seems pretty plausible considering who we are talking about here.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861078</id>
	<title>I manage DNS for a .gov</title>
	<author>snsh</author>
	<datestamp>1264183800000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>I manage a .gov domain for a non-federal entity.  Last year I pursued DNSSEC and hosted DNS to improve availability and diversity over our on-premise DNS.  Windows DNS and BIND seemed okay for DNSSEC secondaries, but signing and key rollover are high-maintenance.  Maybe in the near future that will change.  There are appliances I could buy for $10-20k to manage master zones and do DNSSEC, but they were out of budget.  I worked with a hosted provider (dynect) for DNSSEC signing with .GOV, but that turned out to be out of budget too.  So eventually I just settled on dnsmadeeasy for nominal cost, with anticipation that they'll support DNSSEC sometime in mid-2010.  Basically DNSSEC for the masses doesn't seem to be there yet.</htmltext>
<tokenext>I manage a .gov domain for a non-federal entity .
Last year I pursued DNSSEC and hosted DNS to improve availability and diversity over our on-premise DNS .
Windows DNS and BIND seemed okay for DNSSEC secondaries , but signing and key rollover are high-maintenance .
Maybe in the near future that will change .
There are appliances I could buy for $ 10-20k to manage master zones and do DNSSEC , but they were out of budget .
I worked with a hosted provider ( dynect ) for DNSSEC signing with .GOV , but that turned out to be out of budget too .
So eventually I just settled on dnsmadeeasy for nominal cost , with anticipation that they 'll support DNSSEC sometime in mid-2010 .
Basically DNSSEC for the masses does n't seem to be there yet .</tokentext>
<sentencetext>I manage a .gov domain for a non-federal entity.
Last year I pursued DNSSEC and hosted DNS to improve availability and diversity over our on-premise DNS.
Windows DNS and BIND seemed okay for DNSSEC secondaries, but signing and key rollover are high-maintenance.
Maybe in the near future that will change.
There are appliances I could buy for $10-20k to manage master zones and do DNSSEC, but they were out of budget.
I worked with a hosted provider (dynect) for DNSSEC signing with .GOV, but that turned out to be out of budget too.
So eventually I just settled on dnsmadeeasy for nominal cost, with anticipation that they'll support DNSSEC sometime in mid-2010.
Basically DNSSEC for the masses doesn't seem to be there yet.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860728</id>
	<title>How do you check?</title>
	<author>QuantumRiff</author>
	<datestamp>1264182240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Just out of curiosity, I would love to check if my state is compliant..  How does one use NSLookup or DIG to check?? Is it just a txt field, like looking for an SPF key?</p><p>Of course, to fully check I would have to check the keys from .Gov, then the key from the domain, so does either tool have the capability to "walk the tree"?</p></htmltext>
<tokenext>Just out of curiosity , I would love to check if my state is compliant.. How does one use NSLookup or DIG to check ? ?
Is it just a txt field , like looking for an SPF key ? Of course , to fully check I would have to check the keys from .Gov , then the key from the domain , so does either tool have the capability to " walk the tree " ?</tokentext>
<sentencetext>Just out of curiosity, I would love to check if my state is compliant..  How does one use NSLookup or DIG to check??
Is it just a txt field, like looking for an SPF key? Of course, to fully check I would have to check the keys from .Gov, then the key from the domain, so does either tool have the capability to "walk the tree"?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30862260</id>
	<title>Re:of course</title>
	<author>Pinky's Brain</author>
	<datestamp>1264190880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm pretty sure more money has gone into lobbying against DNSSEC than in favour ... it's going to have a really big toll on the CAs after all when everyone can just put a self-signed cert inside their DNS entry and have end to end authentication completely without a CA.</p></htmltext>
<tokenext>I 'm pretty sure more money has gone into lobbying against DNSSEC than in favour ... it 's going to have a really big toll on the CAs after all when everyone can just put a self-signed cert inside their DNS entry and have end to end authentication completely without a CA .</tokentext>
<sentencetext>I'm pretty sure more money has gone into lobbying against DNSSEC than in favour ... it's going to have a really big toll on the CAs after all when everyone can just put a self-signed cert inside their DNS entry and have end to end authentication completely without a CA.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860456</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861868</id>
	<title>Surprised?</title>
	<author>Anonymous</author>
	<datestamp>1264188600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I bet 80% of .gov sites also don't have properly setup <b>DNS</b>, let alone DNSSEC.

</p><p>eg. Try going to <a href="http://fbi.gov/" title="fbi.gov">http://fbi.gov</a> [fbi.gov]

</p><p>Without the proper CNAME record you need to type "www" before the hostname. Silly.</p></htmltext>
<tokenext>I bet 80 % of .gov sites also do n't have properly setup DNS , let alone DNSSEC .
eg. Try going to http : //fbi.gov [ fbi.gov ] Without the proper CNAME record you need to type " www " before the hostname .
Silly .</tokentext>
<sentencetext>I bet 80% of .gov sites also don't have properly setup DNS, let alone DNSSEC.
eg. Try going to http://fbi.gov [fbi.gov]

Without the proper CNAME record you need to type "www" before the hostname.
Silly.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861540</id>
	<title>Org structure / priority issues</title>
	<author>gnieboer</author>
	<datestamp>1264186260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>IMHO, the reason this isn't done yet is because of the org structure.  OMB is responsible for administrative oversight of this type of stuff, but each department doesn't actually work for them obviously.<br>So it could be analogous to the corporate IT department sending an email to each department lead (sales, production) telling them to install certain patches to their desktop PC.</p><p>Yeah sure, the IT department has the right to give direction because the common CEO delegated that responsibility to them, but when prioritizing what is important... they aren't writing the performance review, are they?</p><p>Which is why IT departments usually have actual control over such things and push the patches whether the user likes it or not.  But OMB doesn't "control" .gov truly.</p><p>Again, just MHO</p></htmltext>
<tokenext>IMHO , the reason this is n't done yet is because of the org structure .
OMB is responsible for administrative oversight of this type of stuff , but each department does n't actually work for them obviously . So it could be analogous to the corporate IT department sending an email to each department lead ( sales , production ) telling them to install certain patches to their desktop PC . Yeah sure , the IT department has the right to give direction because the common CEO delegated that responsibility to them , but when prioritizing what is important... they are n't writing the performance review , are they ? Which is why IT departments usually have actual control over such things and push the patches whether the user likes it or not .
But OMB does n't " control " .gov truly . Again , just MHO</tokentext>
<sentencetext>IMHO, the reason this isn't done yet is because of the org structure.
OMB is responsible for administrative oversight of this type of stuff, but each department doesn't actually work for them obviously. So it could be analogous to the corporate IT department sending an email to each department lead (sales, production) telling them to install certain patches to their desktop PC. Yeah sure, the IT department has the right to give direction because the common CEO delegated that responsibility to them, but when prioritizing what is important... they aren't writing the performance review, are they? Which is why IT departments usually have actual control over such things and push the patches whether the user likes it or not.
But OMB doesn't "control" .gov truly. Again, just MHO</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861712</id>
	<title>Re:How do you check?</title>
	<author>supradave</author>
	<datestamp>1264187280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>dig +dnssec @nameserver domain.xx SOA.  If you get the SOA, you have a signature.<br>Then<br>dig +dnssec @nameserver domain.xx DS to see if you have a DS record.<br>Then<br>dig +dnssec @publicvalidatingserver domain.xx to see if the Chain-of-Trust is established.</p></htmltext>
<tokenext>dig + dnssec @ nameserver domain.xx SOA .
If you get the SOA , you have a signature . Then dig + dnssec @ nameserver domain.xx DS to see if you have a DS record . Then dig + dnssec @ publicvalidatingserver domain.xx to see if the Chain-of-Trust is established .</tokentext>
<sentencetext>dig +dnssec @nameserver domain.xx SOA.
If you get the SOA, you have a signature. Then dig +dnssec @nameserver domain.xx DS to see if you have a DS record. Then dig +dnssec @publicvalidatingserver domain.xx to see if the Chain-of-Trust is established.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860728</parent>
</comment>
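The three dig checks from the comment above, turned into a parser over dig's output (an added example, not part of the original thread). The function names are hypothetical and the sample outputs are constructed; the signals read are an RRSIG next to the SOA, a DS record in the answer, and the `ad` flag from the validating resolver.

```shell
#!/bin/sh
# Added example: read the output of the three dig checks and report how far
# the chain of trust gets. Parsers take dig text on stdin, so they run offline.

# True when the ANSWER section holds a record of type $1; with $2 set, the
# record must be an RRSIG covering type $2. Other sections are ignored: a
# negative answer from a signed parent carries SOA + RRSIG in AUTHORITY.
answer_has() {
    awk -v want="$1" -v covers="$2" '
        /^;; [A-Z]+ SECTION:/ { in_answer = ($2 == "ANSWER"); next }
        /^;/ || NF == 0       { next }
        in_answer && $4 == want && (covers == "" || $5 == covers) { hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# Classify a validating resolver's reply: "secure" needs NOERROR plus the ad
# (authenticated data) flag. SERVFAIL is what a validator returns when the
# signatures do not check out; re-query with +cd to confirm that is the cause.
resolver_verdict() {
    awk '
        /^;; ->>HEADER/ { for (i = 1; i < NF; i++)
                              if ($i == "status:") { st = $(i + 1); sub(/,/, "", st) } }
        /^;; flags:/    { s = $0; sub(/^;; flags:/, "", s); sub(/;.*/, "", s)
                          n = split(s, f, " ")
                          for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1 }
        END { if (st == "SERVFAIL") print "servfail"
              else if (st == "NOERROR" && ad) print "secure"
              else if (st == "NOERROR") print "insecure"
              else print "unknown" }'
}

# Combine the three outputs: $1 = SOA query, $2 = DS query, $3 = validator query.
dnssec_state() {
    printf '%s\n' "$1" | answer_has RRSIG SOA || { echo unsigned; return 0; }
    printf '%s\n' "$2" | answer_has DS        || { echo signed-no-ds; return 0; }
    case $(printf '%s\n' "$3" | resolver_verdict) in
        secure)   echo validated ;;
        servfail) echo servfail ;;
        *)        echo signed-not-validated ;;
    esac
}

# Live use (needs dig and network): the three commands from the comment.
# DS records are published in the parent zone, so the server asked in step 2
# must serve or resolve the parent.
check_live() {   # $1 = domain, $2 = nameserver, $3 = validating resolver
    dnssec_state "$(dig +dnssec @"$2" "$1" SOA)" \
                 "$(dig +dnssec @"$2" "$1" DS)" \
                 "$(dig +dnssec @"$3" "$1")"
}

# Constructed sample outputs (trimmed dig format; ids, keys and signatures are made up).
SIGNED_SOA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
domain.xx. 3600 IN SOA ns1.domain.xx. hostmaster.domain.xx. 2010012201 7200 3600 1209600 3600
domain.xx. 3600 IN RRSIG SOA 7 2 3600 20100221000000 20100122000000 12345 domain.xx. CONSTRUCTEDSIG='
UNSIGNED_SOA=$(printf '%s\n' "$SIGNED_SOA" | grep -v RRSIG)
HAS_DS=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
domain.xx. 86400 IN DS 12345 7 1 CONSTRUCTEDDIGEST
domain.xx. 86400 IN RRSIG DS 7 2 86400 20100221000000 20100122000000 54321 xx. CONSTRUCTEDSIG='
NO_DS=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2223
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; AUTHORITY SECTION:
xx. 900 IN SOA a.nic.xx. hostmaster.nic.xx. 2010012200 1800 900 604800 900
xx. 900 IN RRSIG SOA 7 1 900 20100221000000 20100122000000 54321 xx. CONSTRUCTEDSIG='
VALIDATED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
domain.xx. 300 IN A 192.0.2.10
domain.xx. 300 IN RRSIG A 7 2 300 20100221000000 20100122000000 12345 domain.xx. CONSTRUCTEDSIG='
NOT_VALIDATED=$(printf '%s\n' "$VALIDATED" | sed 's/ ra ad;/ ra;/')
SERVFAIL_REPLY=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4444
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

echo "signed, DS, ad flag : $(dnssec_state "$SIGNED_SOA" "$HAS_DS" "$VALIDATED")"
echo "signed, no DS       : $(dnssec_state "$SIGNED_SOA" "$NO_DS" "$VALIDATED")"
echo "no RRSIG on SOA     : $(dnssec_state "$UNSIGNED_SOA" "$NO_DS" "$NOT_VALIDATED")"
```

The `ad` flag is only as trustworthy as the resolver that set it and the path to that resolver.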
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30862678</id>
	<title>4 out of 5 Slashdot editors are complete failures</title>
	<author>Hurricane78</author>
	<datestamp>1264193340000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>This is what the subject line in my RSS reader (Thunderbird) just gave me:</p><div class="quote"><p>4 Out of 5 of&lt;nobr&gt; &lt;wbr&gt;&lt;/nobr&gt;.gov Web Sites Miss DNSSEC Deadline</p></div><p>WTF? Are you writing this stuff in MS Word?<br>Because I constantly see this stupid shit. And no human would ever do something like that.</p>
	</htmltext>
<tokenext>This is what the subject line in my RSS reader ( Thunderbird ) just gave me : 4 Out of 5 of .gov Web Sites Miss DNSSEC Deadline WTF ?
Are you writing this stuff in MS Word ? Because I constantly see this stupid shit .
And no human would ever do something like that .</tokentext>
<sentencetext>This is what the subject line in my RSS reader (Thunderbird) just gave me: 4 Out of 5 of .gov Web Sites Miss DNSSEC Deadline WTF?
Are you writing this stuff in MS Word? Because I constantly see this stupid shit.
And no human would ever do something like that.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861624</id>
	<title>New authentication mechanism?</title>
	<author>fahrbot-bot</author>
	<datestamp>1264186620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>... DNS Security Extensions, a new authentication mechanism designed to prevent hackers from hijacking Web traffic.</p></div>
</blockquote><p>
"New"? From: <a href="http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions" title="wikipedia.org">Domain Name System Security Extensions</a> [wikipedia.org]:</p><blockquote><div><p>The initial RFC 2065 was published by the IETF in 1997, and initial attempts to implement that specification led to a revised (and believed fully workable) specification in 1999 as IETF RFC 2535. Plans were made to deploy DNSSEC based on RFC 2535.</p></div>
</blockquote><p>
Oh well, "netbuzz" and KDawson are probably too young to know any better :-)</p>
	</htmltext>
<tokenext>... DNS Security Extensions , a new authentication mechanism designed to prevent hackers from hijacking Web traffic .
" New " ? From : Domain Name System Security Extensions [ wikipedia.org ] : The initial RFC 2065 was published by the IETF in 1997 , and initial attempts to implement that specification led to a revised ( and believed fully workable ) specification in 1999 as IETF RFC 2535 .
Plans were made to deploy DNSSEC based on RFC 2535 .
Oh well , " netbuzz " and KDawson are probably too young to know any better : - )</tokentext>
<sentencetext>... DNS Security Extensions, a new authentication mechanism designed to prevent hackers from hijacking Web traffic.
"New"? From: Domain Name System Security Extensions [wikipedia.org]:The initial RFC 2065 was published by the IETF in 1997, and initial attempts to implement that specification led to a revised (and believed fully workable) specification in 1999 as IETF RFC 2535.
Plans were made to deploy DNSSEC based on RFC 2535.
Oh well, "netbuzz" and KDawson are probably too young to know any better :-)
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860858</id>
	<title>Re:I'm not a huge fan of DHS either</title>
	<author>mcgrew</author>
	<datestamp>1264182900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>IMO "Homeland Security" should have never been established in the first place, and once established FEMA should not have been part of it.</p><p>The armed forces are supposed to secure the homeland.</p><p>I take issue with the name itself as well; "homeland" puts pictures of Nazi Germany in my head. Maybe they did that on purpose?</p></htmltext>
<tokenext>IMO " Homeland Security " should have never been established in the first place , and once established FEMA should not have been part of it . The armed forces are supposed to secure the homeland . I take issue with the name itself as well ; " homeland " puts pictures of Nazi Germany in my head .
Maybe they did that on purpose ?</tokentext>
<sentencetext>IMO "Homeland Security" should have never been established in the first place, and once established FEMA should not have been part of it. The armed forces are supposed to secure the homeland. I take issue with the name itself as well; "homeland" puts pictures of Nazi Germany in my head.
Maybe they did that on purpose?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860826</id>
	<title>Lack of government IT knowledge</title>
	<author>RichMan</author>
	<datestamp>1264182720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>So does this show a lack of government IT ability. Or is it more representative of the general inertia of government. I would worry more about the former. Where the government is exposing itself to the wilds of the internet without the ability to protect itself.</p></htmltext>
<tokenext>So does this show a lack of government IT ability .
Or is it more representative of the general inertia of government .
I would worry more about the former .
Where the government is exposing itself to the wilds of the internet without the ability to protect itself .</tokentext>
<sentencetext>So does this show a lack of government IT ability.
Or is it more representative of the general inertia of government.
I would worry more about the former.
Where the government is exposing itself to the wilds of the internet without the ability to protect itself.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860456</id>
	<title>of course</title>
	<author>brennz</author>
	<datestamp>1264180920000</datestamp>
	<modclass>None</modclass>
	<modscore>2</modscore>
	<htmltext><p>(1) you have a shill of a biased company selling products to the industry pushing the requirement<br>(2) An unrealistic deadline set by OMB initially.</p><p>This is a craptastic story.</p></htmltext>
<tokenext>( 1 ) you have a shill of a biased company selling products to the industry pushing the requirement ( 2 ) An unrealistic deadline set by OMB initially.This is a craptastic story .</tokentext>
<sentencetext>(1) you have a shill of a biased company selling products to the industry pushing the requirement (2) An unrealistic deadline set by OMB initially.
This is a craptastic story.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860568</id>
	<title>Don't worry about govt security</title>
	<author>Anonymous</author>
	<datestamp>1264181400000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>They'll do a much better job when they gatekeep everyone's health records.</p></htmltext>
<tokenext>They 'll do a much better job when they gatekeep everyone 's health records .</tokentext>
<sentencetext>They'll do a much better job when they gatekeep everyone's health records.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30862588</id>
	<title>How do you parse that?</title>
	<author>Anonymous</author>
	<datestamp>1264192680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><i>Mountains out of molehills, as per usual </i> <br> <br>case "usual": { mountain(molehill); }<br> <br>?</htmltext>
<tokenext>Mountains out of molehills , as per usual case " usual " : { mountain ( molehill ) ; } ?</tokentext>
<sentencetext>Mountains out of molehills, as per usual   case "usual": { mountain(molehill); } ?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860650</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860604</id>
	<title>Re:I'm not a huge fan of DHS either</title>
	<author>Anonymous</author>
	<datestamp>1264181520000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>Sir, I think that you have penis on the brain.</p><p>And I quote:<br><i>I'm not a huge fan of DHS, but come on there are so many other government agencies that hardly ever get any abuse at all. DHS has had a lot of <b>cock ups</b>, and should be <b>ridden hard</b> to shape up or dissolve, but this is hardly an opening sentence kind of <b>cock up</b>.</i></p><p><i>Now where is the full list of orgs that have or have not done it? I suspect its going to be a lot like reading the <b>pork</b> report.</i></p>
	</htmltext>
<tokenext>Sir , I think that you have penis on the brain.And I quote : I 'm not a huge fan of DHS , but come on there are so many other government agencies that hardly ever get any abuse at all .
DHS has had a lot of cock ups , and should be ridden hard to shape up or dissolve , but this is hardly an opening sentence kind of cock up.Now where is the full list of orgs that have or have not done it ?
I suspect its going to be a lot like reading the pork report .</tokentext>
<sentencetext>Sir, I think that you have penis on the brain.
And I quote: I'm not a huge fan of DHS, but come on there are so many other government agencies that hardly ever get any abuse at all.
DHS has had a lot of cock ups, and should be ridden hard to shape up or dissolve, but this is hardly an opening sentence kind of cock up.
Now where is the full list of orgs that have or have not done it?
I suspect its going to be a lot like reading the pork report.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860544</id>
	<title>That's nothing</title>
	<author>Anonymous</author>
	<datestamp>1264181220000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>Rumour has it All Canadian governments open TCP/UDP ports 2 through 65535.</p><p>The first one is the reserved emergency port for the Prime Minister to escape in the case of a national emergency. We tried to explain to him that's not how it works but... You know politicians...</p></htmltext>
<tokenext>Rumour has it All Canadian governments open TCP/UDP ports 2 through 65535.The first one is the reserved emergency port for the Prime Minister to escape in the case of a national emergency .
We tried to explain to him that 's not how it works but... You know politicians.. .</tokentext>
<sentencetext>Rumour has it All Canadian governments open TCP/UDP ports 2 through 65535.
The first one is the reserved emergency port for the Prime Minister to escape in the case of a national emergency.
We tried to explain to him that's not how it works but... You know politicians...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860422</id>
	<title>It's coming soon</title>
	<author>Anonymous</author>
	<datestamp>1264180740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>He's on vacation this week but will be back on Monday.</p></htmltext>
<tokenext>He 's on vacation this week but will be back on Monday .</tokentext>
<sentencetext>He's on vacation this week but will be back on Monday.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860972</id>
	<title>Re:of course</title>
	<author>Sir_Lewk</author>
	<datestamp>1264183380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>I can certainly understand the unreasonable deadline complaint, but why exactly is DNSSEC "just some product being pushed by a shill company"?  BIND implements DNSSEC, it's not like it's a proprietary piece of technology that is only offered by a single vendor.</p></htmltext>
<tokenext>I can certainly understand the unreasonable deadline complaint , but why exactly is DNSSEC " just some product being pushed by a shill company " ?
BIND implements DNSSEC , it 's not like it 's a proprietary piece of technology that is only offered by a single vendor .</tokentext>
<sentencetext>I can certainly understand the unreasonable deadline complaint, but why exactly is DNSSEC "just some product being pushed by a shill company"?
BIND implements DNSSEC, it's not like it's a proprietary piece of technology that is only offered by a single vendor.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860456</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860650</id>
	<title>Mountains out of molehills, as per usual ....</title>
	<author>King_TJ</author>
	<datestamp>1264181760000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Sure, it's always good to implement updates that improve network/computer security<nobr> <wbr></nobr>... but let's face it.  These deadlines are put in place primarily to ensure people actually pay attention and do the update in a reasonable amount of time.  It's not like govt. had inside information that right after Dec. 31, 2009 - hackers were going to go crazy trying to exploit this DNS issue, so that was the day it really NEEDED to be implemented by, across the board.</p><p>Maybe I'm just in a sour mood right now with this stuff in general?  But lately, I sense an ever-increasing amount of importance being placed on every little security patch or change, when it's just not really warranted.  It seems really self-serving to those who work in the field of "computer security", because it makes a bunch of extra billable work for them - and they get to scare more people into paying them to secure things for them.</p><p>I mean, just this morning, I came into work and checked my mail, and what do I see?  People on C-Net asking questions about if they should just "quit using Internet Explorer, given the recent security exploits".  (Umm, let's see here....  You successfully used the thing ever since probably when?  At least back in 2001 or 2002, right?  And theoretically at least, it's "safer" now than EVER before, since Microsoft has been patching and upgrading the thing that whole time.  So why would you suddenly determine NOW that it's just too unsafe to use again??)</p><p>And later today, I've got to waste my afternoon ensuring "PCI Compliance" because my workplace accepts credit cards once in a while, processed via an Internet-based card processing service.  We don't even store *any* of the card data here, on either our systems or on paper.  They just punch the stuff into the web site to do the processing, and let the processor keep the data.  
But *still*, simply because we do it, we have to have monthly "penetration testing" done against our firewall's IP address (among other requirements), and the stupid test claims I "fail" right now, due to issues that hardly matter in reality.  (EG.  It's complaining about unpatched issues with the Outlook Web Access part of Exchange, even though nobody even has access to use OWA in our company except me, as sysadmin -- and again, I'm finding it quite the stretch to see how someone hacking OWA here would magically obtain customer credit card info, given how we operate here?)</p></htmltext>
<tokenext>Sure , it 's always good to implement updates that improve network/computer security ... but let 's face it .
These deadlines are put in place primarily to ensure people actually pay attention and do the update in a reasonable amount of time .
It 's not like govt .
had inside information that right after Dec. 31 , 2009 - hackers were going to go crazy trying to exploit this DNS issue , so that was the day it really NEEDED to be implemented by , across the board.Maybe I 'm just in a sour mood right now with this stuff in general ?
But lately , I sense an ever-increasing amount of importance being placed on every little security patch or change , when it 's just not really warranted .
It seems really self-serving to those who work in the field of " computer security " , because it makes a bunch of extra billable work for them - and they get to scare more people into paying them to secure things for them.I mean , just this morning , I came into work and checked my mail , and what do I see ?
People on C-Net asking questions about if they should just " quit using Internet Explorer , given the recent security exploits " .
( Umm , let 's see here.... You successfully used the thing ever since probably when ?
At least back in 2001 or 2002 , right ?
And theoretically at least , it 's " safer " now than EVER before , since Microsoft has been patching and upgrading the thing that whole time .
So why would you suddenly determine NOW that it 's just too unsafe to use again ? ?
) And later today , I 've got to waste my afternoon ensuring " PCI Compliance " because my workplace accepts credit cards once in a while , processed via an Internet-based card processing service .
We do n't even store * any * of the card data here , on either our systems or on paper .
They just punch the stuff into the web site to do the processing , and let the processor keep the data .
But * still * , simply because we do it , we have to have monthly " penetration testing " done against our firewall 's IP address ( among other requirements ) , and the stupid test claims I " fail " right now , due to issues that hardly matter in reality .
( EG. It 's complaining about unpatched issues with the Outlook Web Access part of Exchange , even though nobody even has access to use OWA in our company except me , as sysadmin -- and again , I 'm finding it quite the stretch to see how someone hacking OWA here would magically obtain customer credit card info , given how we operate here ?
)</tokentext>
<sentencetext>Sure, it's always good to implement updates that improve network/computer security ... but let's face it.
These deadlines are put in place primarily to ensure people actually pay attention and do the update in a reasonable amount of time.
It's not like govt. had inside information that right after Dec. 31, 2009 - hackers were going to go crazy trying to exploit this DNS issue, so that was the day it really NEEDED to be implemented by, across the board.
Maybe I'm just in a sour mood right now with this stuff in general?
But lately, I sense an ever-increasing amount of importance being placed on every little security patch or change, when it's just not really warranted.
It seems really self-serving to those who work in the field of "computer security", because it makes a bunch of extra billable work for them - and they get to scare more people into paying them to secure things for them.
I mean, just this morning, I came into work and checked my mail, and what do I see?
People on C-Net asking questions about if they should just "quit using Internet Explorer, given the recent security exploits".
(Umm, let's see here....  You successfully used the thing ever since probably when?
At least back in 2001 or 2002, right?
And theoretically at least, it's "safer" now than EVER before, since Microsoft has been patching and upgrading the thing that whole time.
So why would you suddenly determine NOW that it's just too unsafe to use again??)
And later today, I've got to waste my afternoon ensuring "PCI Compliance" because my workplace accepts credit cards once in a while, processed via an Internet-based card processing service.
We don't even store *any* of the card data here, on either our systems or on paper.
They just punch the stuff into the web site to do the processing, and let the processor keep the data.
But *still*, simply because we do it, we have to have monthly "penetration testing" done against our firewall's IP address (among other requirements), and the stupid test claims I "fail" right now, due to issues that hardly matter in reality.
(EG.  It's complaining about unpatched issues with the Outlook Web Access part of Exchange, even though nobody even has access to use OWA in our company except me, as sysadmin -- and again, I'm finding it quite the stretch to see how someone hacking OWA here would magically obtain customer credit card info, given how we operate here?)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861854</id>
	<title>Re:Mountains out of molehills, as per usual ....</title>
	<author>Anonymous</author>
	<datestamp>1264188540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Why is OWA enabled at all if you're not using it? If the scanner had access to it, I guess you're <em>not</em> the only one with access to it. What's to prevent me from hacking your systems in such a way that they start retaining cardholder information?</htmltext>
<tokenext>Why is OWA enabled at all if you 're not using it ?
If the scanner had access to it , I guess you 're not the only one with access to it .
What 's to prevent me from hacking your systems in such a way that they start retaining cardholder information ?</tokentext>
<sentencetext>Why is OWA enabled at all if you're not using it?
If the scanner had access to it, I guess you're not the only one with access to it.
What's to prevent me from hacking your systems in such a way that they start retaining cardholder information?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860650</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860408</id>
	<title>Thank you, security guys</title>
	<author>Anonymous</author>
	<datestamp>1264180680000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>I have to bow to you. Whenever you are implementing something to limit my free... I mean, increase my security, it goes without delay and without fail. You are even so eager to protect me that you put your own security concerns behind mine.</p><p>So selfish. So noble. So stupid.</p></htmltext>
<tokenext>I have to bow to you .
Whenever you are implementing something to limit my free... I mean , increase my security , it goes without delay and without fail .
You are even so eager to protect me that you put your own security concerns behind mine.So selfish .
So noble .
So stupid .</tokentext>
<sentencetext>I have to bow to you.
Whenever you are implementing something to limit my free... I mean, increase my security, it goes without delay and without fail.
You are even so eager to protect me that you put your own security concerns behind mine.
So selfish.
So noble.
So stupid.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860602</id>
	<title>What about non-gov't?</title>
	<author>Anonymous</author>
	<datestamp>1264181520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>And how many in non-government entities deployed their DNSSEC extensions?</p></htmltext>
<tokenext>And how many in non-government entities deployed their DNSSEC extensions ?</tokentext>
<sentencetext>And how many in non-government entities deployed their DNSSEC extensions?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30868358</id>
	<title>Root</title>
	<author>Lennie</author>
	<datestamp>1264246140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>We need DNSSEC on the root, w00t, w00t!<nobr> <wbr></nobr>;-)<br><br>No really, without DNSSEC on the root, I don't think we'll get proper verification process going on the resolver side.<br><br>And putting something in DNS which isn't verified is hardly useful. Maybe they will do verification within the government, that is a start.</htmltext>
<tokenext>We need DNSSEC on the root , w00t , w00t !
; - ) No really , without DNSSEC on the root , I do n't think we 'll get proper verification process going on the resolver side.And putting something in DNS which is n't verified is hardly useful .
Maybe they will do verification within the government , that is a start .</tokentext>
<sentencetext>We need DNSSEC on the root, w00t, w00t! ;-)
No really, without DNSSEC on the root, I don't think we'll get proper verification process going on the resolver side.
And putting something in DNS which isn't verified is hardly useful.
Maybe they will do verification within the government, that is a start.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861022</id>
	<title>No mention of the .gov registrar mistakes</title>
	<author>Anonymous</author>
	<datestamp>1264183620000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>I am the DNS admin of a federal agency.  We signed two of our domains, and twice had<nobr> <wbr></nobr>.gov delete the keys that allowed the domains to be trusted.   We then got the run-around and were lied to by the<nobr> <wbr></nobr>.gov admin.   My management and I are now afraid to make any further progress implementing DNSSEC because<nobr> <wbr></nobr>.gov has made so many mistakes.   It is better to be unsigned than to be signed and have the trust keys be incorrect.</p><p>Additionally, the tools to implement DNSSEC are non-trivial.  A federal agency or Fortune 500 can afford to buy a Secure64 Signer.   Looking forward to when I want to sign my personal domains (in<nobr> <wbr></nobr>.org and<nobr> <wbr></nobr>.com), the tools have to become much simpler and much more automated.</p></htmltext>
<tokenext>I am the DNS admin of a federal agency .
We signed two of our domains , and twice had .gov delete the keys that allowed the domains to be trusted .
We then got the run-around and were lied to by the .gov admin .
My management and I are now afraid to make any further progress implementing DNSSEC because .gov has made so many mistakes .
It is better to be unsigned than to be signed and have the trust keys be incorrect.Additionally , the tools to implement DNSSEC are non-trivial .
A federal agency or Fortune 500 can afford to buy a Secure64 Signer .
Looking forward to when I want to sign my personal domains ( in .org and .com ) , the tools have to become much simpler and much more automated .</tokentext>
<sentencetext>I am the DNS admin of a federal agency.
We signed two of our domains, and twice had .gov delete the keys that allowed the domains to be trusted.
We then got the run-around and were lied to by the .gov admin.
My management and I are now afraid to make any further progress implementing DNSSEC because .gov has made so many mistakes.
It is better to be unsigned than to be signed and have the trust keys be incorrect.
Additionally, the tools to implement DNSSEC are non-trivial.
A federal agency or Fortune 500 can afford to buy a Secure64 Signer.
Looking forward to when I want to sign my personal domains (in .org and .com), the tools have to become much simpler and much more automated.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860462</id>
	<title>Re:I'm not a huge fan of DHS either</title>
	<author>Opportunist</author>
	<datestamp>1264180920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><i>Now where is the full list of orgs that have or have not done it?</i></p><p>Why, looking for a shopping list?<nobr> <wbr></nobr>:)</p><p>Seriously, this time I could even understand if it was not released for "reasons of national security". It would be one of the few cases where that excuse actually makes sense.</p></htmltext>
<tokenext>Now where is the full list of orgs that have or have not done it ? Why , looking for a shopping list ?
: ) Seriously , this time I could even understand if it was not released for " reasons of national security " .
It would be one of the few cases where that excuse actually makes sense .</tokentext>
<sentencetext>Now where is the full list of orgs that have or have not done it?
Why, looking for a shopping list? :)
Seriously, this time I could even understand if it was not released for "reasons of national security".
It would be one of the few cases where that excuse actually makes sense.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860868</id>
	<title>Good...</title>
	<author>nweaver</author>
	<datestamp>1264182960000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>DNSSEC still has some serious problems.  EG, in our preliminary analysis, a shockingly large number of Netalyzr users are behind DNS resolvers that can't handle fragmented traffic.  Yet a large number are behind resolvers that do request DNSSEC data.</p><p>Since DNSSEC replies are often large (and can easily be over the 1500B response limit), turning on DNSSEC could very well mysteriously slow down DNS by causing large timeouts as the UDP reply fails to arrive and the DNS resolver, after a long timeout, then resorts to a TCP connection, even when the signatures are not validated, simply because there are a lot of resolvers that request DNSSEC but actually can't handle large replies.</p><p><a href="http://www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg01513.html" title="ietf.org">http://www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg01513.html</a> [ietf.org]</p></htmltext>
<tokenext>DNSSEC still has some serious problems .
EG , in our preliminary analysis , a shockingly large number of Netalyzr users are behind DNS resolvers that ca n't handle fragmented traffic .
Yet a large number are behind resolvers that do request DNSSEC data.Since DNSSEC replies are often large ( and can easily be over the 1500B response limit ) , turning on DNSSEC could very well mysteriously slow down DNS by causing large timeouts as the UDP reply fails to arrive and the DNS resolver , after a long timeout , then resorts to a TCP connection , even when the signatures are not validated , simply because there are a lot of resolvers that request DNSSEC but actually ca n't handle large replies.http : //www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg01513.html [ ietf.org ]</tokentext>
<sentencetext>DNSSEC still has some serious problems.
EG, in our preliminary analysis, a shockingly large number of Netalyzr users are behind DNS resolvers that can't handle fragmented traffic.
Yet a large number are behind resolvers that do request DNSSEC data.
Since DNSSEC replies are often large (and can easily be over the 1500B response limit), turning on DNSSEC could very well mysteriously slow down DNS by causing large timeouts as the UDP reply fails to arrive and the DNS resolver, after a long timeout, then resorts to a TCP connection, even when the signatures are not validated, simply because there are a lot of resolvers that request DNSSEC but actually can't handle large replies.
http://www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg01513.html [ietf.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30863464</id>
	<title>Re:How do you check?</title>
	<author>budgenator</author>
	<datestamp>1264154640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Try <a href="http://www.nlnetlabs.nl/projects/drill/drill_extension.html" title="nlnetlabs.nl">DNSSEC Drill: Extension for Firefox</a> [nlnetlabs.nl], it sounds like what you want with the idns libraries and programs.  I've never used it but it sounds interesting.</p></htmltext>
<tokenext>Try DNSSEC Drill : Extension for Firefox [ nlnetlabs.nl ] , it sounds like what you want with the idns libraries and programs .
I 've never used it but it sounds interesting .</tokentext>
<sentencetext>Try DNSSEC Drill: Extension for Firefox [nlnetlabs.nl], it sounds like what you want with the idns libraries and programs.
I've never used it but it sounds interesting.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860728</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861972</id>
	<title>Re:of course</title>
	<author>Anonymous</author>
	<datestamp>1264189260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I'll remember that the next time I receive a letter from the government explaining that my personal information has been exposed. It happened once already in 2009, when I got a letter from the National Archives and Records Administration explaining that they left my Social Security number lying around someplace and it was compromised. But hey, they paid for Experian's crappy triple-alert service which doesn't even include a copy of my credit report. And it didn't notify me when I got a new credit card, either.

Fortunately for bureaucrats, there are almost no criminal penalties for negligence in handling our personal data. Hmm, I guess protecting the SS numbers of every American is unrealistic. If my business did that, we'd be out of business.</htmltext>
<tokenext>I 'll remember that the next time I receive a letter from the government explaining that my personal information has been exposed .
It happened once already in 2009 , when I got a letter from the National Archives and Records Administration explaining that they left my Social Security number lying around someplace and it was compromised .
But hey , they paid for Experian 's crappy triple-alert service which does n't even include a copy of my credit report .
And it did n't notify me when I got a new credit card , either .
Fortunately for bureaucrats , there are almost no criminal penalties for negligence in handling our personal data .
Hmm , I guess protecting the SS numbers of every American is unrealistic .
If my business did that , we 'd be out of business .</tokentext>
<sentencetext>I'll remember that the next time I receive a letter from the government explaining that my personal information has been exposed.
It happened once already in 2009, when I got a letter from the National Archives and Records Administration explaining that they left my Social Security number lying around someplace and it was compromised.
But hey, they paid for Experian's crappy triple-alert service which doesn't even include a copy of my credit report.
And it didn't notify me when I got a new credit card, either.
Fortunately for bureaucrats, there are almost no criminal penalties for negligence in handling our personal data.
Hmm, I guess protecting the SS numbers of every American is unrealistic.
If my business did that, we'd be out of business.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860456</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30863270</id>
	<title>Re:of course</title>
	<author>jafiwam</author>
	<datestamp>1264153680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A lot of internal DNS is done with a Windows Domain Controller and the built in DNS there.</p><p>So it's not enough that BIND does it, Windows servers need to as well.</p><p>Next, consider the number of Windows2000 networks still out there and the problem of implementation becomes more tangled.</p><p>I am using BIND, but not DNSSEC.  The GUI that sits in front of mine does not have any options for DNSSEC.</p><p>Just go look at the Wikipedia article on DNSSEC and the thick mass of references and new terms and it's FUCKING OBVIOUS it's going to take a long time to implement.</p></htmltext>
<tokenext>A lot of internal DNS is done with a Windows Domain Controller and the built in DNS there.So it 's not enough that BIND does it , Windows servers need to as well.Next , consider the number of Windows2000 networks still out there and the problem of implementation becomes more tangled.I am using BIND , but not DNSSEC .
The GUI that sits in front of mine does not have any options for DNSSEC.Just go look at the Wikipedia article on DNSSEC and the thick mass of references and new terms and it 's FUCKING OBVIOUS it 's going to take a long time to implement .</tokentext>
<sentencetext>A lot of internal DNS is done with a Windows Domain Controller and the built in DNS there.
So it's not enough that BIND does it, Windows servers need to as well.
Next, consider the number of Windows2000 networks still out there and the problem of implementation becomes more tangled.
I am using BIND, but not DNSSEC.
The GUI that sits in front of mine does not have any options for DNSSEC.
Just go look at the Wikipedia article on DNSSEC and the thick mass of references and new terms and it's FUCKING OBVIOUS it's going to take a long time to implement.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860972</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30863464
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860728
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861712
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860728
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860842
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860768
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30863270
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860972
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860456
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30876554
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860858
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30866330
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860858
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30862260
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860456
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861972
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860456
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30865898
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860868
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30862588
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860650
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860604
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_22_1540205_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861854
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860650
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861078
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861022
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861868
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860728
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30863464
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861712
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860544
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860650
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861854
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30862588
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861624
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860404
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860462
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860842
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860604
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860768
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860858
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30866330
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30876554
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30862678
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860456
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860972
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30863270
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30861972
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30862260
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860868
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30865898
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_22_1540205.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_22_1540205.30860408
</commentlist>
</conversation>
