Since some time, Deutsche Bahn rolled public wireless lan called “WLAN am Bahnhof” out at 25 railroad stations, you can choose between 4 providers. Sounds really nice, but beside the economical conditions, there is also at least one security issue.
Connecting to the network and opening your favorite browser redirects you to a encrypted portal. So far, so good … the really bad news is, that the certificate expired over 6 years ago.
This seems to be a normal behavior, since it happens often, that invalid certificates are used. This leeds to blunted users, which aren’t verifying such certificates anymore, even when it’s important.
Does anybody know a reasonable way to notify anybody who can solve the problem there beside the normal contact forms?
Tag Archive for 'security'
Today the RIPE DNS for LIRs Training Course did take place. (some not up to date course material can be found here)
Managing some thousands of zones inclusive nameserver infrastructure behind since several years, I thought it would be neat to provide a secure dns chain to our costumers.
After going deeper into the material within the course, I recognized the following impacts:
- only bind9 (>= 9.3) and NSD privides support (yet)
- bandwidth will be increased 2-3 times with max. key size
- increased memory usage depending on your server software
- operational costs will increasing dramaticaly due significant higher amount of regular work
- more computing power (hardware) needed to generate dnssec ready zones and signing
- unknown influence on resolving nameservers (load/memory/bandwidth)
- chain of trust ends at resolving nameserver and is not provided to enduser
Since the last issue isn’t solved (yet), it doesn’t make any sence for me to invest resources into setting up DNSSec infrastructur, cause the end user would not recognize if the communication with the resolving nameserver or the resolving nameserver itself is taken over.
Any complaints and/or hint? Did I missed something?
