<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_02_23_193214</id>
	<title>Comcast Launches First Public US Trial of DNSSEC</title>
	<author>kdawson</author>
	<datestamp>1266954060000</datestamp>
	<htmltext>cryan7755 and netbuzz both sent along a NetworkWorld story on <a href="http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/022310-comcast-dns-security.html&amp;pagename=/news/2010/022310-comcast-dns-security.html&amp;pageurl=http://www.networkworld.com/news/2010/022310-comcast-dns-security.html&amp;site=printpage">Comcast's public test deployment of DNSSEC</a>. Here is the <a href="http://blog.comcast.com/2010/02/dnssec.html">company's blog post</a> announcing the trial.
<i>"Comcast this morning announced what is believed to be the first public test deployment of DNS Security Extensions. The company says it has deployed DNSSEC throughout its nationwide network and will immediately make validating servers available to customers. In addition, Comcast said it would digitally sign all of its own domain names using DNSSEC by early next year. 'There is often talk about a chicken-and-egg sort of problem with DNSSEC. People don&rsquo;t want to sign their own domains with DNSSEC until people are validating signatures,' says Jason Livingood, Executive Director of Internet Systems Engineering at Comcast. 'We want to explain how we as an ISP have a roadmap for validating signatures with DNSSEC.'"</i></htmltext>
<tokenext>cryan7755 and netbuzz both sent along a NetworkWorld story on Comcast 's public test deployment of DNSSEC .
Here is the company 's blog post announcing the trial .
" Comcast this morning announced what is believed to be the first public test deployment of DNS Security Extensions .
The company says it has deployed DNSSEC throughout its nationwide network and will immediately make validating servers available to customers .
In addition , Comcast said it would digitally sign all of its own domain names using DNSSEC by early next year .
'There is often talk about a chicken-and-egg sort of problem with DNSSEC .
People don    t want to sign their own domains with DNSSEC until people are validating signatures, ' says Jason Livingood , Executive Director of Internet Systems Engineering at Comcast .
'We want to explain how we as an ISP have a roadmap for validating signatures with DNSSEC .
' "</tokentext>
<sentencetext>cryan7755 and netbuzz both sent along a NetworkWorld story on Comcast's public test deployment of DNSSEC.
Here is the company's blog post announcing the trial.
"Comcast this morning announced what is believed to be the first public test deployment of DNS Security Extensions.
The company says it has deployed DNSSEC throughout its nationwide network and will immediately make validating servers available to customers.
In addition, Comcast said it would digitally sign all of its own domain names using DNSSEC by early next year.
'There is often talk about a chicken-and-egg sort of problem with DNSSEC.
People don’t want to sign their own domains with DNSSEC until people are validating signatures,' says Jason Livingood, Executive Director of Internet Systems Engineering at Comcast.
'We want to explain how we as an ISP have a roadmap for validating signatures with DNSSEC.
'"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250902</id>
	<title>Re:Can use 75.75.75.75 externally</title>
	<author>Anonymous</author>
	<datestamp>1266921660000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>brb DDoSing uh everybody....</p></htmltext>
<tokenext>brb DDoSing uh everybody... .</tokentext>
<sentencetext>brb DDoSing uh everybody....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250494</id>
	<title>Re:Err, but .COM is not valid for a while</title>
	<author>ctg1701</author>
	<datestamp>1266920220000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>The point is testing this on smaller TLD.  We have been working with<nobr> <wbr></nobr>.ORG and other TLDs to test DNSSEC for a while now.  When the time comes for a signed root and<nobr> <wbr></nobr>.COM and<nobr> <wbr></nobr>.NET signed, we will be ready.</p><p>Thanks</p><p>Chris Griffiths<br>Comcast</p></htmltext>
<tokenext>The point is testing this on smaller TLD .
We have been working with .ORG and other TLDs to test DNSSEC for a while now .
When the time comes for a signed root and .COM and .NET signed , we will be ready.ThanksChris GriffithsComcast</tokentext>
<sentencetext>The point is testing this on smaller TLD.
We have been working with .ORG and other TLDs to test DNSSEC for a while now.
When the time comes for a signed root and .COM and .NET signed, we will be ready.ThanksChris GriffithsComcast</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249072</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31265288</id>
	<title>DNSSEC Flaws Confirmed -- Avoid DNSSEC validation</title>
	<author>deananderson</author>
	<datestamp>1265108220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>DNSSEC Cache Poisoning has been confirmed just as I described.  Note that many people are now advising to turn off DNSSEC validation.</p><p>
&nbsp; &nbsp; Most officially, I discussed it in my DNSSEC NTIA comments:<br>
&nbsp; &nbsp; <a href="http://www.ntia.doc.gov/dns/comments/comment027.pdf" title="doc.gov" rel="nofollow">http://www.ntia.doc.gov/dns/comments/comment027.pdf</a> [doc.gov]<br>
&nbsp; &nbsp; in the section on Cache Poisoning.   Notably, Vixie et al disputed<br>
&nbsp; &nbsp; this when discussed on DNSOP and namedroppers. Guess they were wrong<br>
&nbsp; &nbsp; again.</p><p>
&nbsp; &nbsp; If you want to engage in honest uncensored discussion of DNS issues,<br>
&nbsp; &nbsp; subscribe to dnsop-honest or namedroppers-honest through the interface<br>
&nbsp; &nbsp; at lists.iadl.org</p><p>
&nbsp; &nbsp; [*] See DNSSEC cache poisoning links contained in<br><a href="http://lists.iadl.org/pipermail/namedroppers-honest/2010-January/000074.html" title="iadl.org" rel="nofollow">http://lists.iadl.org/pipermail/namedroppers-honest/2010-January/000074.html</a> [iadl.org]<br>
&nbsp; &nbsp; The IETF has known of these problems for a long time, and silenced me<br>
&nbsp; &nbsp; to keep these problems quiet.</p><p>Vixie and the IETF have known about the DNSSEC Cache Poisoning problem<br>and other DNSSEC problems for a number of years, but they have covered<br>it up by threatening and silencing critics.  Inquiry reveals that DNSSEC<br>is a scam that threatens the stability of the Internet.</p><p>Please be sure to credit me with discovering the DNSSEC flaws. And<br>please forward this message widely.</p></htmltext>
<tokenext>DNSSEC Cache Poisoning has been confirmed just as I described .
Note that many people are now advising to turn off DNSSEC validation .
    Most officially , I discussed it in my DNSSEC NTIA comments :     http : //www.ntia.doc.gov/dns/comments/comment027.pdf [ doc.gov ]     in the section on Cache Poisoning .
Notably , Vixie et al disputed     this when discussed on DNSOP and namedroppers .
Guess they were wrong     again .
    If you want to engage in honest uncensored discussion of DNS issues ,     subscribe to dnsop-honest or namedroppers-honest through the interface     at lists.iadl.org     [ * ] See DNSSEC cache poisoning links contained inhttp : //lists.iadl.org/pipermail/namedroppers-honest/2010-January/000074.html [ iadl.org ]     The IETF has known of these problems for a long time , and silenced me     to keep these problems quiet.Vixie and the IETF have known about the DNSSEC Cache Poisoning problemand other DNSSEC problems for a number of years , but they have coveredit up by threatening and silencing critics .
Inquiry reveals that DNSSECis a scam that threatens the stability of the Internet.Please be sure to credit me with discovering the DNSSEC flaws .
Andplease forward this message widely .</tokentext>
<sentencetext>DNSSEC Cache Poisoning has been confirmed just as I described.
Note that many people are now advising to turn off DNSSEC validation.
    Most officially, I discussed it in my DNSSEC NTIA comments:
    http://www.ntia.doc.gov/dns/comments/comment027.pdf [doc.gov]
    in the section on Cache Poisoning.
Notably, Vixie et al disputed
    this when discussed on DNSOP and namedroppers.
Guess they were wrong
    again.
    If you want to engage in honest uncensored discussion of DNS issues,
    subscribe to dnsop-honest or namedroppers-honest through the interface
    at lists.iadl.org
    [*] See DNSSEC cache poisoning links contained inhttp://lists.iadl.org/pipermail/namedroppers-honest/2010-January/000074.html [iadl.org]
    The IETF has known of these problems for a long time, and silenced me
    to keep these problems quiet.Vixie and the IETF have known about the DNSSEC Cache Poisoning problemand other DNSSEC problems for a number of years, but they have coveredit up by threatening and silencing critics.
Inquiry reveals that DNSSECis a scam that threatens the stability of the Internet.Please be sure to credit me with discovering the DNSSEC flaws.
Andplease forward this message widely.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250140</id>
	<title>Re:Can use 75.75.75.75 externally</title>
	<author>bill\_mcgonigle</author>
	<datestamp>1266918780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>"Opt-in by changing your DNS server IP addresses to 75.75.75.75 and 75.75.76.76 (we'll be adding IPv6 addresses soon)."</i></p><p>Oh, wow, NXDOMAIN's back from Comcast!</p><p>$host noob.floop.zop 75.75.75.75<br>Using domain server:<br>Name: 75.75.75.75<br>Address: 75.75.75.75#53<br>Aliases:</p><p>Host noob.floop.zop not found: 3(NXDOMAIN)</p></htmltext>
<tokenext>" Opt-in by changing your DNS server IP addresses to 75.75.75.75 and 75.75.76.76 ( we 'll be adding IPv6 addresses soon ) .
" Oh , wow , NXDOMAIN 's back from Comcast ! $ host noob.floop.zop 75.75.75.75Using domain server : Name : 75.75.75.75Address : 75.75.75.75 # 53Aliases : Host noob.floop.zop not found : 3 ( NXDOMAIN )</tokentext>
<sentencetext>"Opt-in by changing your DNS server IP addresses to 75.75.75.75 and 75.75.76.76 (we'll be adding IPv6 addresses soon).
"Oh, wow, NXDOMAIN's back from Comcast!$host noob.floop.zop 75.75.75.75Using domain server:Name: 75.75.75.75Address: 75.75.75.75#53Aliases:Host noob.floop.zop not found: 3(NXDOMAIN)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250354</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>supradave</author>
	<datestamp>1266919620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Guaranteeing that the domain and IP address are what they should be is the benefit.  In a properly configured DNSSEC deployment, with the appropriate security protecting your keys, then the man-in-the-middle attack that's currently capable with SSL today is next to impossible.  Getting poisoned results could happen, but you're assured that it's not the correct response.</p><p>For example,<nobr> <wbr></nobr>.gov has signed some of their zones (failed to meet the mandate?).  In an emergency, isn't it better to have the actual government site then some bogus site that directs you to the wrong place to get your water?</p></htmltext>
<tokenext>Guaranteeing that the domain and IP address are what they should be is the benefit .
In a properly configured DNSSEC deployment , with the appropriate security protecting your keys , then the man-in-the-middle attack that 's currently capable with SSL today is next to impossible .
Getting poisoned results could happen , but you 're assured that it 's not the correct response.For example , .gov has signed some of their zones ( failed to meet the mandate ? ) .
In an emergency , is n't it better to have the actual government site then some bogus site that directs you to the wrong place to get your water ?</tokentext>
<sentencetext>Guaranteeing that the domain and IP address are what they should be is the benefit.
In a properly configured DNSSEC deployment, with the appropriate security protecting your keys, then the man-in-the-middle attack that's currently capable with SSL today is next to impossible.
Getting poisoned results could happen, but you're assured that it's not the correct response.For example, .gov has signed some of their zones (failed to meet the mandate?).
In an emergency, isn't it better to have the actual government site then some bogus site that directs you to the wrong place to get your water?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250444</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>DarkSkiez</author>
	<datestamp>1266920040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I've not deployed DNSSEC, but i was interested by your comments about exposing zone data at least.</p><p>I did a quick google and it suggests that used to be the case but from bind 9.6.0 onwards it can use NSEC3 to hash the child names.</p><p>Worth looking into for anyone who is concerned.</p></htmltext>
<tokenext>I 've not deployed DNSSEC , but i was interested by your comments about exposing zone data at least.I did a quick google and it suggests that used to be the case but from bind 9.6.0 onwards it can use NSEC3 to hash the child names.Worth looking into for anyone who is concerned .</tokentext>
<sentencetext>I've not deployed DNSSEC, but i was interested by your comments about exposing zone data at least.I did a quick google and it suggests that used to be the case but from bind 9.6.0 onwards it can use NSEC3 to hash the child names.Worth looking into for anyone who is concerned.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250066</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31256022</id>
	<title>Improve your server availability too, Comcast...</title>
	<author>^chewie</author>
	<datestamp>1266951540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I would rather see Comcast improve their DNS server availability first, or at least in addition.  For the last three months, I've turned to using another DNS provider because Comcast sees fit to run nightly maintenance on their servers sometime after 01:30 CST.  Rarely has connection to the internet been compromised, rather to the DNS servers themselves.  If they're using load-balancing hardware, I'm not seeing it as an end-user.  Hopefully they can piggy-back a reliable high-availability architecture in addition to DNSSEC...</htmltext>
<tokenext>I would rather see Comcast improve their DNS server availability first , or at least in addition .
For the last three months , I 've turned to using another DNS provider because Comcast sees fit to run nightly maintenance on their servers sometime after 01 : 30 CST .
Rarely has connection to the internet been compromised , rather to the DNS servers themselves .
If they 're using load-balancing hardware , I 'm not seeing it as an end-user .
Hopefully they can piggy-back a reliable high-availability architecture in addition to DNSSEC.. .</tokentext>
<sentencetext>I would rather see Comcast improve their DNS server availability first, or at least in addition.
For the last three months, I've turned to using another DNS provider because Comcast sees fit to run nightly maintenance on their servers sometime after 01:30 CST.
Rarely has connection to the internet been compromised, rather to the DNS servers themselves.
If they're using load-balancing hardware, I'm not seeing it as an end-user.
Hopefully they can piggy-back a reliable high-availability architecture in addition to DNSSEC...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250910</id>
	<title>Is it really even useful?</title>
	<author>joekrahn</author>
	<datestamp>1266921660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If someone can spoof DNS, why not just spoof routing? Now days, it is very common to connect through public wireless networks. You should not have to depend on the connection point not being hacked somehow. My understanding is that DNSSEC can supply host keys as well, so you can be sure that the host you actually connect to is the one defined by DNSSEC. Is it being implemented that way, or is it just being used to avoid DNS spoofing?</p><p>Also, are DNSSEC certificates designed in a way that generates profit for certificate providers? We don't want a system where the system is more oriented toward profit than security.</p></htmltext>
<tokenext>If someone can spoof DNS , why not just spoof routing ?
Now days , it is very common to connect through public wireless networks .
You should not have to depend on the connection point not being hacked somehow .
My understanding is that DNSSEC can supply host keys as well , so you can be sure that the host you actually connect to is the one defined by DNSSEC .
Is it being implemented that way , or is it just being used to avoid DNS spoofing ? Also , are DNSSEC certificates designed in a way that generates profit for certificate providers ?
We do n't want a system where the system is more oriented toward profit than security .</tokentext>
<sentencetext>If someone can spoof DNS, why not just spoof routing?
Now days, it is very common to connect through public wireless networks.
You should not have to depend on the connection point not being hacked somehow.
My understanding is that DNSSEC can supply host keys as well, so you can be sure that the host you actually connect to is the one defined by DNSSEC.
Is it being implemented that way, or is it just being used to avoid DNS spoofing?Also, are DNSSEC certificates designed in a way that generates profit for certificate providers?
We don't want a system where the system is more oriented toward profit than security.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249838</id>
	<title>Malware potential</title>
	<author>Anonymous</author>
	<datestamp>1266917640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Here is a problem that I see with DNSSEC there needs to be more of the public information push about what it is and what it is not. I can just image the browser pops "We have detected that you computer is not using DNS Secure Extensions. Please click to enable DNS Secure Plugins for your browser. Failure to secure your browser might result is hakers being able to fake websites to steal your presonal information. Click here to add Approved DNS secure extentions." Great just great you "secured" your computer. Now I have to figure out just want the heck happend.</p></htmltext>
<tokenext>Here is a problem that I see with DNSSEC there needs to be more of the public information push about what it is and what it is not .
I can just image the browser pops " We have detected that you computer is not using DNS Secure Extensions .
Please click to enable DNS Secure Plugins for your browser .
Failure to secure your browser might result is hakers being able to fake websites to steal your presonal information .
Click here to add Approved DNS secure extentions .
" Great just great you " secured " your computer .
Now I have to figure out just want the heck happend .</tokentext>
<sentencetext>Here is a problem that I see with DNSSEC there needs to be more of the public information push about what it is and what it is not.
I can just image the browser pops "We have detected that you computer is not using DNS Secure Extensions.
Please click to enable DNS Secure Plugins for your browser.
Failure to secure your browser might result is hakers being able to fake websites to steal your presonal information.
Click here to add Approved DNS secure extentions.
" Great just great you "secured" your computer.
Now I have to figure out just want the heck happend.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251056</id>
	<title>Re:Comcast DNS hijacking?</title>
	<author>willoughby</author>
	<datestamp>1266922020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You can turn that redirect off at any time by using the "opt-out" dns servers. Check out dns.comcast.net for more info.</htmltext>
<tokenext>You can turn that redirect off at any time by using the " opt-out " dns servers .
Check out dns.comcast.net for more info .</tokentext>
<sentencetext>You can turn that redirect off at any time by using the "opt-out" dns servers.
Check out dns.comcast.net for more info.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249930</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31257638</id>
	<title>Sloooooooooow</title>
	<author>sictransitgloriacfa</author>
	<datestamp>1265113140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I use Comcast and I've noticed DNS has been damned slow the last few days. Maybe this is why?</htmltext>
<tokenext>I use Comcast and I 've noticed DNS has been damned slow the last few days .
Maybe this is why ?</tokentext>
<sentencetext>I use Comcast and I've noticed DNS has been damned slow the last few days.
Maybe this is why?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250434</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>wintercolby</author>
	<datestamp>1266919980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>DNSSEC is a set of security extensions for DNS:<p><div class="quote"><p>DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning [0]. It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence.</p></div><p>Taken from <a href="http://www.dnssec.net/" title="dnssec.net" rel="nofollow">DNSSEC.net</a> [dnssec.net]</p></div>
	</htmltext>
<tokenext>DNSSEC is a set of security extensions for DNS : DNSSEC was designed to protect the Internet from certain attacks , such as DNS cache poisoning [ 0 ] .
It is a set of extensions to DNS , which provide : a ) origin authentication of DNS data , b ) data integrity , and c ) authenticated denial of existence.Taken from DNSSEC.net [ dnssec.net ]</tokentext>
<sentencetext>DNSSEC is a set of security extensions for DNS:DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning [0].
It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence.Taken from DNSSEC.net [dnssec.net]
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582</id>
	<title>Can use 75.75.75.75 externally</title>
	<author>vlm</author>
	<datestamp>1266916560000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>The most interesting part of the article didn't make the summary...</p><p>"Opt-in by changing your DNS server IP addresses to 75.75.75.75 and 75.75.76.76 (we'll be adding IPv6 addresses soon)."</p><p>75.75.75.75 will answer outside of the comcast network... so I can use it to test DNS entries.  (Or presumably someone could use it in an amplifier attack)</p></htmltext>
<tokenext>The most interesting part of the article did n't make the summary... " Opt-in by changing your DNS server IP addresses to 75.75.75.75 and 75.75.76.76 ( we 'll be adding IPv6 addresses soon ) .
" 75.75.75.75 will answer outside of the comcast network... so I can use it to test DNS entries .
( Or presumably someone could use it in an amplifier attack )</tokentext>
<sentencetext>The most interesting part of the article didn't make the summary..."Opt-in by changing your DNS server IP addresses to 75.75.75.75 and 75.75.76.76 (we'll be adding IPv6 addresses soon).
"75.75.75.75 will answer outside of the comcast network... so I can use it to test DNS entries.
(Or presumably someone could use it in an amplifier attack)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250574</id>
	<title>No more typo redirects!</title>
	<author>csnydermvpsoft</author>
	<datestamp>1266920520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I noticed this exciting tidbit on <a href="http://www.dnssec.comcast.net/faq.htm" title="comcast.net">their FAQ page</a> [comcast.net]:</p><p><div class="quote"><p>What happens to Comcast Domain Helper, which offers DNS redirect services, when you fully implement DNSSEC?</p><p>
&nbsp; &nbsp; &nbsp; &nbsp; * We believe that the web error redirection function of Comcast Domain Helper is technically incompatible with DNSSEC.<br>
&nbsp; &nbsp; &nbsp; &nbsp; * Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented.<br>
&nbsp; &nbsp; &nbsp; &nbsp; * The DNSSEC trial servers we are announcing today do not have Comcast Domain Helper's DNS redirect functionality enabled.<br>
&nbsp; &nbsp; &nbsp; &nbsp; * We plan to update our IETF Internet Draft on this subject, available at <a href="http://tools.ietf.org/html/draft-livingood-dns-redirect" title="ietf.org">http://tools.ietf.org/html/draft-livingood-dns-redirect</a> [ietf.org], to reflect this in the coming months.</p></div></div>
	</htmltext>
<tokenext>I noticed this exciting tidbit on their FAQ page [ comcast.net ] : What happens to Comcast Domain Helper , which offers DNS redirect services , when you fully implement DNSSEC ?
        * We believe that the web error redirection function of Comcast Domain Helper is technically incompatible with DNSSEC .
        * Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented .
        * The DNSSEC trial servers we are announcing today do not have Comcast Domain Helper 's DNS redirect functionality enabled .
        * We plan to update our IETF Internet Draft on this subject , available at http : //tools.ietf.org/html/draft-livingood-dns-redirect [ ietf.org ] , to reflect this in the coming months .</tokentext>
<sentencetext>I noticed this exciting tidbit on their FAQ page [comcast.net]:What happens to Comcast Domain Helper, which offers DNS redirect services, when you fully implement DNSSEC?
        * We believe that the web error redirection function of Comcast Domain Helper is technically incompatible with DNSSEC.
        * Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented.
        * The DNSSEC trial servers we are announcing today do not have Comcast Domain Helper's DNS redirect functionality enabled.
        * We plan to update our IETF Internet Draft on this subject, available at http://tools.ietf.org/html/draft-livingood-dns-redirect [ietf.org], to reflect this in the coming months.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250022</id>
	<title>Re:Benefits of DNSSEC? Anyone?</title>
	<author>Anonymous</author>
	<datestamp>1266918360000</datestamp>
	<modclass>None</modclass>
	<modscore>2</modscore>
	<htmltext><p>Good question.</p><p>I would mod you, but there is no "this needs an answer" mod.</p><p>I would mod an informative response to you informative, but there has been no informative responses at this point.</p></htmltext>
<tokenext>Good question.I would mod you , but there is no " this needs an answer " mod.I would mod an informative response to you informative , but there has been no informative responses at this point .</tokentext>
<sentencetext>Good question.I would mod you, but there is no "this needs an answer" mod.I would mod an informative response to you informative, but there has been no informative responses at this point.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251230</id>
	<title>Does anybody still use Comcast DNS?</title>
	<author>Chemisor</author>
	<datestamp>1266922620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>In my experience, Comcast's DNS servers go down all the time, and even when they work, they sometimes have unexplained "glitches" that render websites unusable. Every time I try using their servers, this happens, and I switch back to something more stable, like L3. I'd be surprized to find anybody but a total n00b still using Comcast's DNS.</p></htmltext>
<tokenext>In my experience , Comcast 's DNS servers go down all the time , and even when they work , they sometimes have unexplained " glitches " that render websites unusable .
Every time I try using their servers , this happens , and I switch back to something more stable , like L3 .
I 'd be surprized to find anybody but a total n00b still using Comcast 's DNS .</tokentext>
<sentencetext>In my experience, Comcast's DNS servers go down all the time, and even when they work, they sometimes have unexplained "glitches" that render websites unusable.
Every time I try using their servers, this happens, and I switch back to something more stable, like L3.
I'd be surprized to find anybody but a total n00b still using Comcast's DNS.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250382</id>
	<title>DNSSEC for the uninitiated</title>
	<author>JackHoffman</author>
	<datestamp>1266919740000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>DNSSEC uses cryptographic signatures to authenticate DNS records and thereby prevents DNS spoofing. DNSSEC does not use encryption, only authentication, i.e. it provides trust, but not privacy.</p><p>DNS spoofing is an attack which can be used to redirect traffic to an attacker's server, where the attacker can intercept the traffic for a man in the middle attack or create an impostor service and harvest credentials. There are several countermeasures in plain DNS to prevent spoofing, but Dan Kaminsky's discovery of a fundamental spoofing vulnerability in the DNS protocol finally pushed DNSSEC out of the labs into the wild.</p></htmltext>
<tokenext>DNSSEC uses cryptographic signatures to authenticate DNS records and thereby prevents DNS spoofing .
DNSSEC does not use encryption , only authentication , i.e .
it provides trust , but not privacy.DNS spoofing is an attack which can be used to redirect traffic to an attacker 's server , where the attacker can intercept the traffic for a man in the middle attack or create an impostor service and harvest credentials .
There are several countermeasures in plain DNS to prevent spoofing , but Dan Kaminsky 's discovery of a fundamental spoofing vulnerability in the DNS protocol finally pushed DNSSEC out of the labs into the wild .</tokentext>
<sentencetext>DNSSEC uses cryptographic signatures to authenticate DNS records and thereby prevents DNS spoofing.
DNSSEC does not use encryption, only authentication, i.e.
it provides trust, but not privacy.DNS spoofing is an attack which can be used to redirect traffic to an attacker's server, where the attacker can intercept the traffic for a man in the middle attack or create an impostor service and harvest credentials.
There are several countermeasures in plain DNS to prevent spoofing, but Dan Kaminsky's discovery of a fundamental spoofing vulnerability in the DNS protocol finally pushed DNSSEC out of the labs into the wild.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250376</id>
	<title>Re:umm.</title>
	<author>oasisbob</author>
	<datestamp>1266919740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>No, they don't. <a href="http://seattletimes.nwsource.com/html/businesstechnology/2010996581\_comcast08.html" title="nwsource.com">Comcast will still be Comcast.</a> [nwsource.com]</p><p>Comcast's <em>services</em> (High Speed Internet, digital TV, etc) are being rebranded Xfinity.</p><p>So, class, let's use 'Xfinity' in a sentence. Repeat after me: "When you have no other competitors in your local area, you pick up a phone and order Xfinity from Comcast."</p></htmltext>
<tokenext>No , they do n't .
Comcast will still be Comcast .
[ nwsource.com ] Comcast 's services ( High Speed Internet , digital TV , etc ) are being rebranded Xfinity.So , class , let 's use 'Xfinity ' in a sentence .
Repeat after me : " When you have no other competitors in your local area , you pick up a phone and order Xfinity from Comcast .
"</tokentext>
<sentencetext>No, they don't.
Comcast will still be Comcast.
[nwsource.com]Comcast's services (High Speed Internet, digital TV, etc) are being rebranded Xfinity.So, class, let's use 'Xfinity' in a sentence.
Repeat after me: "When you have no other competitors in your local area, you pick up a phone and order Xfinity from Comcast.
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249378</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250442</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>pentalive</author>
	<datestamp>1266920040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Don't forget "DNSSEC is a response to DNS cache poisoning an prevents the attack where an attacker can cause your browser to go to his phishing site when you enter the URL of your bank's website"</htmltext>
<tokenext>Do n't forget " DNSSEC is a response to DNS cache poisoning an prevents the attack where an attacker can cause your browser to go to his phishing site when you enter the URL of your bank 's website "</tokentext>
<sentencetext>Don't forget "DNSSEC is a response to DNS cache poisoning an prevents the attack where an attacker can cause your browser to go to his phishing site when you enter the URL of your bank's website"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250066</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251696</id>
	<title>Re:Is it really even useful?</title>
	<author>Thanatiel</author>
	<datestamp>1266924360000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>A DNSKEY is put at the top of the zone.  (ie: yourdomain.tld. IN DNSKEY blablablablabla)<br>Your server is supposed to be authenticated using some other mean. (ie: X509 certs for https servers &amp; cie)</p><p>Please also note that there are no "certificates" for DNSSEC, only very basic key pairs:</p><p>\_ Generate your zone-signing keypair (rsa/dsa) and/or your key-singing keypair (idem).  Generate them for the algorithms used in the zone (hopefully NSEC3, else NSEC and its damn zone-walk issue)<br>\_ Put the public key record into your zone file and sign the zone (opt-out or not)<br>\_ Give the public key digest (or public key, depending on the TLD's policy) to the registrar (So it can obtain the DS record for your domain)</p><p>Done: the DS on the TLD will be the link with your domain's key(s).  Note that the TLD will be trusted because either the key is "known" either it is authenticated by '.' whose key will be "known".</p><p>Note that the chain will only be complete when '.' will be signed.</p><p>Viva parano&#239;a.</p></htmltext>
<tokenext>A DNSKEY is put at the top of the zone .
( ie : yourdomain.tld .
IN DNSKEY blablablablabla ) Your server is supposed to be authenticated using some other mean .
( ie : X509 certs for https servers &amp; cie ) Please also note that there are no " certificates " for DNSSEC , only very basic key pairs : \ _ Generate your zone-signing keypair ( rsa/dsa ) and/or your key-singing keypair ( idem ) .
Generate them for the algorithms used in the zone ( hopefully NSEC3 , else NSEC and its damn zone-walk issue ) \ _ Put the public key record into your zone file and sign the zone ( opt-out or not ) \ _ Give the public key digest ( or public key , depending on the TLD 's policy ) to the registrar ( So it can obtain the DS record for your domain ) Done : the DS on the TLD will be the link with your domain 's key ( s ) .
Note that the TLD will be trusted because either the key is " known " either it is authenticated by ' .
' whose key will be " known " .Note that the chain will only be complete when ' .
' will be signed.Viva parano   a .</tokentext>
<sentencetext>A DNSKEY is put at the top of the zone.
(ie: yourdomain.tld.
IN DNSKEY blablablablabla)Your server is supposed to be authenticated using some other mean.
(ie: X509 certs for https servers &amp; cie)Please also note that there are no "certificates" for DNSSEC, only very basic key pairs:\_ Generate your zone-signing keypair (rsa/dsa) and/or your key-singing keypair (idem).
Generate them for the algorithms used in the zone (hopefully NSEC3, else NSEC and its damn zone-walk issue)\_ Put the public key record into your zone file and sign the zone (opt-out or not)\_ Give the public key digest (or public key, depending on the TLD's policy) to the registrar (So it can obtain the DS record for your domain)Done: the DS on the TLD will be the link with your domain's key(s).
Note that the TLD will be trusted because either the key is "known" either it is authenticated by '.
' whose key will be "known".Note that the chain will only be complete when '.
' will be signed.Viva paranoïa.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250910</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249072</id>
	<title>Err, but .COM is not valid for a while</title>
	<author>Anonymous</author>
	<datestamp>1266958020000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>That's great, but VERISIGN will not setup DNSSEC for<nobr> <wbr></nobr>.COM for some time.</p><p>
&nbsp; &nbsp; http://www.root-dnssec.org/</p><p>It's great that ISPs enable DNSSEC in their DNS servers, but until<nobr> <wbr></nobr>.COM and the like are not signed, the point is a little moot?</p></htmltext>
<tokenext>That 's great , but VERISIGN will not setup DNSSEC for .COM for some time .
    http : //www.root-dnssec.org/It 's great that ISPs enable DNSSEC in their DNS servers , but until .COM and the like are not signed , the point is a little moot ?</tokentext>
<sentencetext>That's great, but VERISIGN will not setup DNSSEC for .COM for some time.
    http://www.root-dnssec.org/It's great that ISPs enable DNSSEC in their DNS servers, but until .COM and the like are not signed, the point is a little moot?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250390</id>
	<title>Re:Err, but .COM is not valid for a while</title>
	<author>allo</author>
	<datestamp>1266919800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>most of non-usa sites do not use<nobr> <wbr></nobr>.com so dnssec is still great for all other people.</htmltext>
<tokenext>most of non-usa sites do not use .com so dnssec is still great for all other people .</tokentext>
<sentencetext>most of non-usa sites do not use .com so dnssec is still great for all other people.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249072</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249666</id>
	<title>The sticking point...</title>
	<author>fuzzyfuzzyfungus</author>
	<datestamp>1266916920000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext>"Once we were assured that DNSSEC would in no way interfere with our program of forging RST packets because we are too cheap and sleazy to give customers the bandwidth they paid for, we concluded that DNSSEC was <i>just Comcastic</i> and should be deployed immediately!" <br> <br>

*marketing weasel taps on shoulder, whispers into ear*<br> <br>

"Er, I mean 'The possibility of DNSSEC is <i>Absolutely Xfinite!</i>'"...</htmltext>
<tokenext>" Once we were assured that DNSSEC would in no way interfere with our program of forging RST packets because we are too cheap and sleazy to give customers the bandwidth they paid for , we concluded that DNSSEC was just Comcastic and should be deployed immediately !
" * marketing weasel taps on shoulder , whispers into ear * " Er , I mean 'The possibility of DNSSEC is Absolutely Xfinite !
' " .. .</tokentext>
<sentencetext>"Once we were assured that DNSSEC would in no way interfere with our program of forging RST packets because we are too cheap and sleazy to give customers the bandwidth they paid for, we concluded that DNSSEC was just Comcastic and should be deployed immediately!
"  

*marketing weasel taps on shoulder, whispers into ear* 

"Er, I mean 'The possibility of DNSSEC is Absolutely Xfinite!
'"...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250660</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>Anonymous</author>
	<datestamp>1266920820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>DNSSEC does protect from certain types of attacks, but it does not completely prevent man-in-the-middle attacks. SSL itself is already protected from man-in-the-middle attacks (more or less, there are bugs found in the implementations occasionally). There are attacks like intercept user's original request for <a href="http://example.com/" title="example.com" rel="nofollow">http://example.com/</a> [example.com] (not https) and instead of responding with the correct answer of a redirect to <a href="https://example.com/" title="example.com" rel="nofollow">https://example.com/</a> [example.com], responding with a redirect to <a href="https://example.com.phishingsite.exammple.com/" title="exammple.com" rel="nofollow">https://example.com.phishingsite.exammple.com/</a> [exammple.com], which is they type of attack that EV certs theoretically help against as well as the highlighting of the domain name that newer browser do.</p><p>If an attacker is in a position to lie about a DNS response, they might also be in a position to simply lie about the web server response. That is, the IP address will be correct, but that will just be because the attacker is forging packets from that IP. As I understand it, DNS attacks tend to be easier and DNSSEC does prevent them (or at least reduce them).</p><p>On the other hand, it has been mentioned on<nobr> <wbr></nobr>/. a few times before that with DNSSEC, the DNS replies would be trusted, so they could theoretically be used to contain SSL keys.</p></htmltext>
<tokenext>DNSSEC does protect from certain types of attacks , but it does not completely prevent man-in-the-middle attacks .
SSL itself is already protected from man-in-the-middle attacks ( more or less , there are bugs found in the implementations occasionally ) .
There are attacks like intercept user 's original request for http : //example.com/ [ example.com ] ( not https ) and instead of responding with the correct answer of a redirect to https : //example.com/ [ example.com ] , responding with a redirect to https : //example.com.phishingsite.exammple.com/ [ exammple.com ] , which is they type of attack that EV certs theoretically help against as well as the highlighting of the domain name that newer browser do.If an attacker is in a position to lie about a DNS response , they might also be in a position to simply lie about the web server response .
That is , the IP address will be correct , but that will just be because the attacker is forging packets from that IP .
As I understand it , DNS attacks tend to be easier and DNSSEC does prevent them ( or at least reduce them ) .On the other hand , it has been mentioned on / .
a few times before that with DNSSEC , the DNS replies would be trusted , so they could theoretically be used to contain SSL keys .</tokentext>
<sentencetext>DNSSEC does protect from certain types of attacks, but it does not completely prevent man-in-the-middle attacks.
SSL itself is already protected from man-in-the-middle attacks (more or less, there are bugs found in the implementations occasionally).
There are attacks like intercept user's original request for http://example.com/ [example.com] (not https) and instead of responding with the correct answer of a redirect to https://example.com/ [example.com], responding with a redirect to https://example.com.phishingsite.exammple.com/ [exammple.com], which is they type of attack that EV certs theoretically help against as well as the highlighting of the domain name that newer browser do.If an attacker is in a position to lie about a DNS response, they might also be in a position to simply lie about the web server response.
That is, the IP address will be correct, but that will just be because the attacker is forging packets from that IP.
As I understand it, DNS attacks tend to be easier and DNSSEC does prevent them (or at least reduce them).On the other hand, it has been mentioned on /.
a few times before that with DNSSEC, the DNS replies would be trusted, so they could theoretically be used to contain SSL keys.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250354</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251442</id>
	<title>About time DNS was made more secure</title>
	<author>physburn</author>
	<datestamp>1266923340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>  DNS spooffing, and cases of DNS taking down large parts
of the internet have been problems for years. This should
have been done years ago.
<p>
---
</p><p>
<a href="http://www.feeddistiller.com/blogs/Computer\%20Security/feed.html" title="feeddistiller.com">Computer Security</a> [feeddistiller.com] Feed @ <a href="http://www.feeddistiller.com/" title="feeddistiller.com">Feed Distiller</a> [feeddistiller.com]</p></htmltext>
<tokenext>DNS spooffing , and cases of DNS taking down large parts of the internet have been problems for years .
This should have been done years ago .
--- Computer Security [ feeddistiller.com ] Feed @ Feed Distiller [ feeddistiller.com ]</tokentext>
<sentencetext>  DNS spooffing, and cases of DNS taking down large parts
of the internet have been problems for years.
This should
have been done years ago.
---

Computer Security [feeddistiller.com] Feed @ Feed Distiller [feeddistiller.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250014</id>
	<title>Re:Can use 75.75.75.75 externally</title>
	<author>ctg1701</author>
	<datestamp>1266918300000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Curious where you are testing this from.   We verified and none of the servers behind our Anycast system are available off-net.</p><p>Thanks</p><p>Chris Griffiths<br>Comcast</p></htmltext>
<tokenext>Curious where you are testing this from .
We verified and none of the servers behind our Anycast system are available off-net.ThanksChris GriffithsComcast</tokentext>
<sentencetext>Curious where you are testing this from.
We verified and none of the servers behind our Anycast system are available off-net.ThanksChris GriffithsComcast</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249630</id>
	<title>inconsistent message</title>
	<author>Anonymous</author>
	<datestamp>1266916800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Odd that they are promoting a secure solution for DNS when they have deployed their phone offering with security turned off.</p></htmltext>
<tokenext>Odd that they are promoting a secure solution for DNS when they have deployed their phone offering with security turned off .</tokentext>
<sentencetext>Odd that they are promoting a secure solution for DNS when they have deployed their phone offering with security turned off.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250066</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>characterZer0</author>
	<datestamp>1266918540000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>DNSSEC increases your maintenance costs (constant resigning even if no changes), makes DYNDNS servers harder to run, exposes your zone data, and helps DDOS attacks.</p><p>Did I miss anything?</p></htmltext>
<tokenext>DNSSEC increases your maintenance costs ( constant resigning even if no changes ) , makes DYNDNS servers harder to run , exposes your zone data , and helps DDOS attacks.Did I miss anything ?</tokentext>
<sentencetext>DNSSEC increases your maintenance costs (constant resigning even if no changes), makes DYNDNS servers harder to run, exposes your zone data, and helps DDOS attacks.Did I miss anything?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31252604</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>Intron</author>
	<datestamp>1266928500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>DNSSEC increases your maintenance costs (constant resigning even if no changes), makes DYNDNS servers harder to run, exposes your zone data, and helps DDOS attacks.</p><p>Did I miss anything?</p></div><p>The internet is currently not controlled by anyone but DNSSEC changes this by requiring every domain to have a traceable certificate.  Look for greater centralized control by people saying "think of the children" and "this will only be used to combat terrorism".  It also pretty much guarantees that new clients will be written to allow DNS lookups in both the "official" root zone and under alternative roots.</p></div>
	</htmltext>
<tokenext>DNSSEC increases your maintenance costs ( constant resigning even if no changes ) , makes DYNDNS servers harder to run , exposes your zone data , and helps DDOS attacks.Did I miss anything ? The internet is currently not controlled by anyone but DNSSEC changes this by requiring every domain to have a traceable certificate .
Look for greater centralized control by people saying " think of the children " and " this will only be used to combat terrorism " .
It also pretty much guarantees that new clients will be written to allow DNS lookups in both the " official " root zone and under alternative roots .</tokentext>
<sentencetext>DNSSEC increases your maintenance costs (constant resigning even if no changes), makes DYNDNS servers harder to run, exposes your zone data, and helps DDOS attacks.Did I miss anything?The internet is currently not controlled by anyone but DNSSEC changes this by requiring every domain to have a traceable certificate.
Look for greater centralized control by people saying "think of the children" and "this will only be used to combat terrorism".
It also pretty much guarantees that new clients will be written to allow DNS lookups in both the "official" root zone and under alternative roots.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250066</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770</id>
	<title>Benefits of DNSSEC?</title>
	<author>Apple Acolyte</author>
	<datestamp>1266917340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I'm pretty knowledgeable when it comes to new Internet tech, but I don't offhand know the benefits of DNSSEC or much about it other than it has to do with Doman Name Servers and Security (I assume encryption). Is it a complement to SSL? Does it help secure browsing sessions or is it more about identifying and authenticating legitimate domain names versus questionable ones? I guess I'll have to read up on it.</htmltext>
<tokenext>I 'm pretty knowledgeable when it comes to new Internet tech , but I do n't offhand know the benefits of DNSSEC or much about it other than it has to do with Doman Name Servers and Security ( I assume encryption ) .
Is it a complement to SSL ?
Does it help secure browsing sessions or is it more about identifying and authenticating legitimate domain names versus questionable ones ?
I guess I 'll have to read up on it .</tokentext>
<sentencetext>I'm pretty knowledgeable when it comes to new Internet tech, but I don't offhand know the benefits of DNSSEC or much about it other than it has to do with Doman Name Servers and Security (I assume encryption).
Is it a complement to SSL?
Does it help secure browsing sessions or is it more about identifying and authenticating legitimate domain names versus questionable ones?
I guess I'll have to read up on it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249378</id>
	<title>umm.</title>
	<author>zero0ne</author>
	<datestamp>1266915780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Don't they mean Xfinity?</p></htmltext>
<tokenext>Do n't they mean Xfinity ?</tokentext>
<sentencetext>Don't they mean Xfinity?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249614</id>
	<title>GOOD WORK !</title>
	<author>johnjones</author>
	<datestamp>1266916680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>finally a ISP who makes this a feature !</p><p>if a ISP would do this in the UK I would use them...</p><p>its a feature you should ask for in your ISP !</p><p>regards</p><p>John Jones</p></htmltext>
<tokenext>finally a ISP who makes this a feature ! if a ISP would do this in the UK I would use them...its a feature you should ask for in your ISP ! regardsJohn Jones</tokentext>
<sentencetext>finally a ISP who makes this a feature !if a ISP would do this in the UK I would use them...its a feature you should ask for in your ISP !regardsJohn Jones</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31257268</id>
	<title>hi</title>
	<author>nehaaworld</author>
	<datestamp>1265108700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>That is one of the greatest things ever.

<a href="http://www.mytwitteradder.com/" title="mytwitteradder.com" rel="nofollow">http://www.mytwitteradder.com/</a> [mytwitteradder.com]</htmltext>
<tokenext>That is one of the greatest things ever .
http : //www.mytwitteradder.com/ [ mytwitteradder.com ]</tokentext>
<sentencetext>That is one of the greatest things ever.
http://www.mytwitteradder.com/ [mytwitteradder.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249930</id>
	<title>Comcast DNS hijacking?</title>
	<author>MobyDisk</author>
	<datestamp>1266918000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Are the Comcast DNS servers still redirecting mistyped domains to advertising servers?</p></htmltext>
<tokenext>Are the Comcast DNS servers still redirecting mistyped domains to advertising servers ?</tokentext>
<sentencetext>Are the Comcast DNS servers still redirecting mistyped domains to advertising servers?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249856</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>elfprince13</author>
	<datestamp>1266917760000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><a href="http://lmgtfy.com/?q=DNSSEC+wikipedia" title="lmgtfy.com" rel="nofollow">I think I can explain</a> [lmgtfy.com]</htmltext>
<tokenext>I think I can explain [ lmgtfy.com ]</tokentext>
<sentencetext>I think I can explain [lmgtfy.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250298</id>
	<title>lmgtfy</title>
	<author>Anonymous</author>
	<datestamp>1266919440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p> <a href="http://www.lmgtfy.com/?q=dns+sec" title="lmgtfy.com" rel="nofollow">Let me Google that for you</a> [lmgtfy.com] </p></htmltext>
<tokenext>Let me Google that for you [ lmgtfy.com ]</tokentext>
<sentencetext> Let me Google that for you [lmgtfy.com] </sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250582</id>
	<title>#irc.trolltaLk.com</title>
	<author>Anonymous</author>
	<datestamp>1266920580000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext>(I always bring my you aal is to let for it. I don't the project to use the sling. Started work on say I'm packing tops responsibility during this file</htmltext>
<tokenext>( I always bring my you aal is to let for it .
I do n't the project to use the sling .
Started work on say I 'm packing tops responsibility during this file</tokentext>
<sentencetext>(I always bring my you aal is to let for it.
I don't the project to use the sling.
Started work on say I'm packing tops responsibility during this file</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31254554</id>
	<title>Re:Err, but .COM is not valid for a while</title>
	<author>Eil</author>
	<datestamp>1266939120000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>Dammit Chris, it's bad enough that your company is doing good things for the Internet like early IPv6 and DNSSEC adoption. Now you have the gall to come onto <i>my Slashdot</i> with your polite and informative answers. It's really starting to threaten my rage-induced perception of Comcast as World's Most Evil Cable Company and that's not something I'll give up without a fight!</p></htmltext>
<tokenext>Dammit Chris , it 's bad enough that your company is doing good things for the Internet like early IPv6 and DNSSEC adoption .
Now you have the gall to come onto my Slashdot with your polite and informative answers .
It 's really starting to threaten my rage-induced perception of Comcast as World 's Most Evil Cable Company and that 's not something I 'll give up without a fight !</tokentext>
<sentencetext>Dammit Chris, it's bad enough that your company is doing good things for the Internet like early IPv6 and DNSSEC adoption.
Now you have the gall to come onto my Slashdot with your polite and informative answers.
It's really starting to threaten my rage-induced perception of Comcast as World's Most Evil Cable Company and that's not something I'll give up without a fight!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250494</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251292</id>
	<title>Re:Benefits of DNSSEC? Anyone?</title>
	<author>Anonymous</author>
	<datestamp>1266922800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Wouldn't "Interesting" cover it?</p></htmltext>
<tokenext>Would n't " Interesting " cover it ?</tokentext>
<sentencetext>Wouldn't "Interesting" cover it?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250022</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31256312</id>
	<title>Canadians have access to national DNSSEC trial</title>
	<author>bretty</author>
	<datestamp>1266955020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The Canadian Internet Registration Authority (CIRA) "has committed to the full deployment of DNSSEC, the security extensions for DNS, and has been conducting extensive research and analysis into the technical and operational impact of signing the dot-ca (.ca) zone file. The roll-out is anticipated in the later part of 2010."</p><p>CIRA is already providing a DNSSEC test bed for those interested in signing their own dot-ca name or interacting with a name server serving the signed dot-ca zone file.</p><p>for details see <a href="https://registrants.cira.ca/dnssec/login" title="registrants.cira.ca" rel="nofollow">https://registrants.cira.ca/dnssec/login</a> [registrants.cira.ca]</p></htmltext>
<tokenext>The Canadian Internet Registration Authority ( CIRA ) " has committed to the full deployment of DNSSEC , the security extensions for DNS , and has been conducting extensive research and analysis into the technical and operational impact of signing the dot-ca ( .ca ) zone file .
The roll-out is anticipated in the later part of 2010 .
" CIRA is already providing a DNSSEC test bed for those interested in signing their own dot-ca name or interacting with a name server serving the signed dot-ca zone file.for details see https : //registrants.cira.ca/dnssec/login [ registrants.cira.ca ]</tokentext>
<sentencetext>The Canadian Internet Registration Authority (CIRA) "has committed to the full deployment of DNSSEC, the security extensions for DNS, and has been conducting extensive research and analysis into the technical and operational impact of signing the dot-ca (.ca) zone file.
The roll-out is anticipated in the later part of 2010.
"CIRA is already providing a DNSSEC test bed for those interested in signing their own dot-ca name or interacting with a name server serving the signed dot-ca zone file.for details see https://registrants.cira.ca/dnssec/login [registrants.cira.ca]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249954</id>
	<title>Crawl before you walk...</title>
	<author>Anonymous</author>
	<datestamp>1266918180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>In other news, Comcast still aggressively blacklists mail servers.  And we're going to rely on their implementation of DNSSEC?</p><p>Good call on the "comcastic" tag as that is a great bye-line from their tier-1 chat support.</p><p>"You take good care always and have a Comcastic day!"</p></htmltext>
<tokenext>In other news , Comcast still aggressively blacklists mail servers .
And we 're going to rely on their implementation of DNSSEC ? Good call on the " comcastic " tag as that is a great bye-line from their tier-1 chat support .
" You take good care always and have a Comcastic day !
"</tokentext>
<sentencetext>In other news, Comcast still aggressively blacklists mail servers.
And we're going to rely on their implementation of DNSSEC?Good call on the "comcastic" tag as that is a great bye-line from their tier-1 chat support.
"You take good care always and have a Comcastic day!
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250086</id>
	<title>Re:Benefits of DNSSEC?</title>
	<author>Finallyjoined!!!</author>
	<datestamp>1266918600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Ah well, "Apple Acolyte" you may be <i>pretty knowledgeable</i> as far as being an Apple user goes, but part of being <i>pretty knowledgeable</i> in the rest of the world involves, I know it may come as a shock, but stay with me for a moment; reading the sodding article!! <br> <br>
Posting to remove a scroll-locked mod mod<nobr> <wbr></nobr>:-(</htmltext>
<tokenext>Ah well , " Apple Acolyte " you may be pretty knowledgeable as far as being an Apple user goes , but part of being pretty knowledgeable in the rest of the world involves , I know it may come as a shock , but stay with me for a moment ; reading the sodding article ! !
Posting to remove a scroll-locked mod mod : - (</tokentext>
<sentencetext>Ah well, "Apple Acolyte" you may be pretty knowledgeable as far as being an Apple user goes, but part of being pretty knowledgeable in the rest of the world involves, I know it may come as a shock, but stay with me for a moment; reading the sodding article!!
Posting to remove a scroll-locked mod mod :-(</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250172</id>
	<title>Re:Err, but .COM is not valid for a while</title>
	<author>Red Flayer</author>
	<datestamp>1266918960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>It's great that ISPs enable DNSSEC in their DNS servers, but until<nobr> <wbr></nobr>.COM and the like are not signed, the point is a little moot?</p></div></blockquote><p>Well, that's kind of the point of the chicken-and-egg conundrum mentioned in the summary.<br> <br>No one will sign until validation is being done, but no one has bothered setting up validation because no one was signing.<br> <br>So Comcast has said, screw it, we'll create the chicken de novo, we don't need to hatch it from no stinkin' egg.</p></div>
	</htmltext>
<tokenext>It 's great that ISPs enable DNSSEC in their DNS servers , but until .COM and the like are not signed , the point is a little moot ? Well , that 's kind of the point of the chicken-and-egg conundrum mentioned in the summary .
No one will sign until validation is being done , but no one has bothered setting up validation because no one was signing .
So Comcast has said , screw it , we 'll create the chicken de novo , we do n't need to hatch it from no stinkin ' egg .</tokentext>
<sentencetext>It's great that ISPs enable DNSSEC in their DNS servers, but until .COM and the like are not signed, the point is a little moot?Well, that's kind of the point of the chicken-and-egg conundrum mentioned in the summary.
No one will sign until validation is being done, but no one has bothered setting up validation because no one was signing.
So Comcast has said, screw it, we'll create the chicken de novo, we don't need to hatch it from no stinkin' egg.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249072</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31252858</id>
	<title>Where's Kaminsky?</title>
	<author>Anonymous</author>
	<datestamp>1266929640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I figured Dan would be all over this like white on rice...</p></htmltext>
<tokenext>I figured Dan would be all over this like white on rice.. .</tokentext>
<sentencetext>I figured Dan would be all over this like white on rice...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250112</id>
	<title>Re:Can use 75.75.75.75 externally</title>
	<author>Anonymous</author>
	<datestamp>1266918720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It answers, but doesn't actually resolve anything for outsiders.</p></htmltext>
<tokenext>It answers , but does n't actually resolve anything for outsiders .</tokentext>
<sentencetext>It answers, but doesn't actually resolve anything for outsiders.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31254736</id>
	<title>Makes me want to switch back, $29.99/month too</title>
	<author>jroysdon</author>
	<datestamp>1266940440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Just saw an add for $29.99/month Comcast internet + cable (probably just broadcast, dunno) for 1 year.  I think I cancelled my service too soon though (just last month).  How long do I have to be "not a customer" to be a "new customer" ? Hmm, and IPv6 native service isn't that far away either.  I'll probably switch back.</p></htmltext>
<tokenext>Just saw an add for $ 29.99/month Comcast internet + cable ( probably just broadcast , dunno ) for 1 year .
I think I cancelled my service too soon though ( just last month ) .
How long do I have to be " not a customer " to be a " new customer " ?
Hmm , and IPv6 native service is n't that far away either .
I 'll probably switch back .</tokentext>
<sentencetext>Just saw an add for $29.99/month Comcast internet + cable (probably just broadcast, dunno) for 1 year.
I think I cancelled my service too soon though (just last month).
How long do I have to be "not a customer" to be a "new customer" ?
Hmm, and IPv6 native service isn't that far away either.
I'll probably switch back.</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250014
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250298
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31252604
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250066
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250910
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250434
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250376
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249378
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250140
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250660
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250354
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250112
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250172
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249072
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251292
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250022
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250902
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251056
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249930
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31254554
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250494
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249072
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250390
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249072
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250444
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250066
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249856
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_23_193214_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250442
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250066
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249072
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250172
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250390
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250494
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31254554
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250910
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251696
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251230
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31254736
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249930
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251056
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249378
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250376
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249666
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249630
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250574
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249582
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250112
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250902
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250014
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250140
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_23_193214.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249770
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250066
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250442
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250444
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31252604
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250354
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250660
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250086
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250298
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250434
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31249856
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31250022
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_23_193214.31251292
</commentlist>
</conversation>
