I’m not particularly proud of the neologism “upgrade forcer.” It encourages a bad behavior. Product managers can be a desperate lot, particularly when their bonus is riding on how many copies of the upgrade get sold. When times are good sweet new product features will draw users to upgrade. But, as products mature the customers grow content and convincing them to upgrade get’s harder. Having run out of carrots the product managers are tempted to turn to sticks.
Installed bases are hard to move. Installed bases without a clear owner, or product manager, are even harder move. You can chat up how nice it would be if we all switched to IP6, but nice isn’t must. It would be nice if my correspondents encrypted their email; but little drives that upgrade. Effective upgrade drivers engineer a situation where users move quickly to upgrade. Y2K was an effective upgrade driver, 1999 was a very good year for upgrade revenue. I’ve a pet theory that the late 90s high tech bubble owns a debt to that.
One of the open many open standards in the Internet menagerie that badly needs an upgrade is DNS. DNS is an amazing design for it’s time; but one of it’s failings is security. It has serious design flaws, and numerous vulnerabilities. For example you ISP, who your probably should not trust, can trivially intercept DNS queries and inject what ever answers he thinks serves his purposes. The vulnerabilities make that even worse, since at least you can complain, negotiate, even sue if you catch your ISP playing those games. But if some evil dude poisons one of the DNS servers your happen to use and your email, IM, or bank traffic is intercepted your unlikely to have much recourse.
Security flaws play an interesting role in driving upgrades. The product manager can use them to threaten the users, while at least nominally not using force himself.
For years people have been attempting to redesign DNS to add better security. At first blush it seemed straight forward, but it turned out to be way hard. My sense is that people now think they have the design problem under control. So the next step is getting the installed base to move. Getting a possibly immovable installed base to move generally requires an irresistible force. Some compelling value or something bad. There is plenty of bad already, though as is usually the case the immovable base finds it easy to avert their gaze from those horrors.
This posting was triggered by a comment in yesterday’s announcement of yet another really bad flaw in DNS.
There is a update to the DNS standard known as secure dns, or DNSSEC that addresses this problem. But most people see it as nice to have rather than as a must have.
With luck that changed today. Yesterday the existence of a really really bad flaw in the the DNS protocol was publicly revealed. The actual flaw’s details were not revealed, but a massive software upgrade to temper the risk is being rolled out. But, this line in caught my attention.
“DNSSEC is the only definitive solution for this issue.”
So maybe, just maybe, we have found a upgrade forcer for DNS. This is extremely good news if your a DNS vendor of any kind. Profit! For those who are driven by fun, rather than greed, fixing DNS would allow us to use it safely for a much larger range of light weight database functions.
“Fixing” DNS with DNSSEC makes it no longer light weight.
James – You have a point there. But yet it would still be pervasive.
DNSSEC actually looks like the signed packages mirror replay attack – one source of information that needs to be mirrored/cached widely for performance but be secure against tampering.
What’s Google’s internal naming service called? Ah, Chubby, which was designed as a lock service.
That last post was prompted by a bearded BSD hacker’s issues with a DNS server that claimed it was authoritative for a domain it wasn’t, which is basically a replay attack.