Re: [Add] [EXTERNAL] Re: Malware adopting DoH

Jim Reid <jim@rfc1035.com> Fri, 13 September 2019 15:58 UTC

From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <2A997AD4-7D2B-494C-AFA6-42017A882F56@fugue.com>
Date: Fri, 13 Sep 2019 16:58:24 +0100
Cc: ADD Mailing list <add@ietf.org>
Message-Id: <F31D22BC-5361-442A-8883-B4095E75E06C@rfc1035.com>
References: <18DC59F2-C9D8-4515-B3CD-4D9772D4E3E6@rfc1035.com> <2A997AD4-7D2B-494C-AFA6-42017A882F56@fugue.com>
To: Ted Lemon <mellon@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/u3H1tDgXYeJHW9lC5L7D60ewPtI>

> On 13 Sep 2019, at 15:53, Ted Lemon <mellon@fugue.com> wrote:
> 
> Jim, this is just a non sequitur. For the case of blocking malware, if the malware has fewer choices, it is easier, not harder, to block.

I’m not so sure it is a non-sequitur, Ted. Aside from the competition/consolidation concerns which may well be out of scope for the IETF, centralisation is bad engineering because it introduces avoidable single points of failure. And control.

If malware has fewer “gatekeepers” to evade, surely that makes it easier for those developing and distributing that stuff? Or to use an analogy, would virus writers have an easier or harder time of it if there was just one company providing anti-virus protection?

If you think the issue I raised is a non-sequitur, we can just agree to disagree.