Re: [dane] Behavior in the face of no answer?

Eric Rescorla <ekr@rtfm.com> Tue, 15 May 2012 16:56 UTC

MIME-Version: 1.0
In-Reply-To: <201205151652.q4FGqFZP020706@fs4113.wdf.sap.corp>
References: <CABcZeBPCYNV=i5rsNt_QDDE2hY+8Tw4izovAVEFjYc=ESJst+Q@mail.gmail.com> <201205151652.q4FGqFZP020706@fs4113.wdf.sap.corp>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 15 May 2012 09:55:27 -0700
Message-ID: <CABcZeBOX_WGf2hv=+rdA_YG4x5Pw0--snThZh+7yRrHNRwGYeg@mail.gmail.com>
To: mrex@sap.com
Content-Type: text/plain; charset=ISO-8859-1
Cc: paul.hoffman@vpnc.org, dane@ietf.org
Subject: Re: [dane] Behavior in the face of no answer?
Precedence: list

On Tue, May 15, 2012 at 9:52 AM, Martin Rex <mrex@sap.com> wrote:
> And as a fallback, browsers could use a TLSA & server-cert lock, i.e.
> memorizing information from the last visit of a site and using that
> to perform server endpoint identification in case that DNSSEC lookups
> fail when roaming.

At which point it's hard to understand how this is better than cert pinning
via HSTS.

-Ekr

[dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Tom Ritter
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Adam Langley
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Adam Langley
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Scott Schmit
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? John Gilmore
[dane] Network errors ARE attacks - on the end-to… John Gilmore
Re: [dane] Behavior in the face of no answer? Mark Andrews
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Network errors ARE attacks - on the en… Martin Rex
Re: [dane] Network errors ARE attacks - on the en… Yoav Nir
Re: [dane] Network errors ARE attacks - on the en… Henry Story
Re: [dane] Network errors ARE attacks - on the en… Henry Story
Re: [dane] Network errors ARE attacks - on the en… SM
Re: [dane] Network errors ARE attacks - on the en… Michael Richardson
Re: [dane] Network errors ARE attacks - on the en… Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Network errors ARE attacks - on the en… Mark Andrews
Re: [dane] Network errors ARE attacks - on the en… Warren Kumari
Re: [dane] Network errors ARE attacks - on the en… Phillip Hallam-Baker