Network

Unbound from djbdns

I am experimenting with IPv6 at home using Hurricane Electric’s free tunnel broker. I had to upgrade my Cisco 877 router’s RAM, flash and software to get IPv6 support, and also my local caching DNS resolver, dnscache. There are IPv6 patches for djbdns, but since I installed them my DNS lookups have seemed slow. Using snoop and ethereal, it looks like the behavior of the server with and without the patches is quite different.

Considering that djbdns has not had an official update since 2001, only collections of patches from third parties, it was time to change, even though it was immune by construction to the Kaminsky bug. I opted for unbound, from the same people who wrote the high-performance NSD server used on the RIPE root nameserver. It has a relatively simple architecture designed for performance and security, and it supports DNSSEC, something that will become increasingly important.

While the configuration file format for unbound is simple, unlike the nightmare that is BIND, the devil in the details made the migration more painful than it ought to have been, thanks in part to my split-horizon DNS configuration for machines on my local subnet. I don’t know if it is a placebo effect, but my queries now feel faster.
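For readers attempting the same migration, here is an added example of what a split-horizon unbound.conf for a dual-stack home subnet can look like; it is not the author’s actual configuration, and the zone name, addresses, subnets and trust-anchor path are assumed placeholders.

```conf
# Added example, not the author's file. Minimal caching resolver for a
# home LAN with split-horizon names that only local clients can see.
# home.example., 10.0.0.0/24, 2001:db8:1::/64 and the anchor path are
# placeholders; substitute your own values.
server:
    # Listen on loopback and the LAN addresses only.
    interface: 127.0.0.1
    interface: ::1
    interface: 10.0.0.1            # assumed LAN IPv4 address
    interface: 2001:db8:1::1       # assumed LAN IPv6 address
    do-ip4: yes
    do-ip6: yes

    # Answer only the local subnets; refuse everyone else so the
    # resolver cannot be used as an open resolver from the Internet.
    access-control: 127.0.0.0/8 allow
    access-control: ::1/128 allow
    access-control: 10.0.0.0/24 allow
    access-control: 2001:db8:1::/64 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Basic hardening of what the resolver reveals and accepts.
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes

    # DNSSEC validation. The root trust anchor file must exist and be
    # kept current (unbound-anchor can maintain it); assumed path.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Split horizon: the internal zone is answered from local data and
    # never sent upstream. private-domain lets it return RFC 1918
    # addresses that unbound would otherwise treat as rebinding attempts.
    private-domain: "home.example."
    local-zone: "home.example." static
    local-data: "router.home.example. IN A 10.0.0.1"
    local-data: "router.home.example. IN AAAA 2001:db8:1::1"
    local-data: "nas.home.example. IN A 10.0.0.10"
    local-data: "nas.home.example. IN AAAA 2001:db8:1::10"

    # Reverse entries for the same hosts; 10.in-addr.arpa. is already a
    # default local zone, so these PTRs are served locally as well.
    local-data-ptr: "10.0.0.1 router.home.example."
    local-data-ptr: "2001:db8:1::1 router.home.example."
    local-data-ptr: "10.0.0.10 nas.home.example."
```

Run `unbound-checkconf` on the file before restarting the daemon; a static local zone returns NXDOMAIN for any name in it that has no local-data, which is the behavior you want for an internal zone that must never leak to the Internet.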

US banks lag behind in secure email adoption

My banks send me monthly reminders when a statement is ready, but I have to log onto their site to actually get it. This is quite annoying; I would much rather have them simply attach the statements to the notification emails, but I can understand their security concerns. The current system does encourage bad habits that can be exploited by phishers, however.

One of my colleagues informed me that in Japan, banks will actually send them by email using S/MIME public key encryption. I have an S/MIME certificate courtesy of the Thawte web of trust (in fact I am also a Thawte WOT notary), but no US bank that I know of supports this. Secure email adoption is so low in no small part due to the NSA’s successful campaign to make encryption inconvenient to obtain. All major email clients support it (Outlook, Apple Mail.app, Thunderbird, and so on), but webmail users don’t even have the option. This is just another illustration of how the US is lagging behind Asia and Europe in Internet adoption.