Re: [dane] Network errors ARE attacks - on the end-to-end-principle

Warren Kumari <warren@kumari.net> Wed, 16 May 2012 23:21 UTC

From: Warren Kumari <warren@kumari.net>
In-Reply-To: <20120516151946.GJ26714@mail.yitter.info>
Date: Wed, 16 May 2012 19:21:56 -0400
Message-Id: <7CED0263-3C3F-4016-B078-3CC34802B8E5@kumari.net>
References: <CABcZeBMY26xrfvAx=UsYN2XnuONZ2vPy9tNwHQALudd=yQDvgA@mail.gmail.com> <643D87CD-D01E-47B8-82E5-D3F57D50C80B@vpnc.org> <alpine.LFD.2.02.1205142229552.10990@bofh.nohats.ca> <CABcZeBMS9cJ3m6JwJED7XAqdsF=zbTUUU_o3-opiZvqMyr7mdw@mail.gmail.com> <alpine.LFD.2.02.1205142352010.10990@bofh.nohats.ca> <20120515112154.GA20521@mail.yitter.info> <alpine.LFD.2.02.1205150816001.14601@bofh.nohats.ca> <201205160213.q4G2DGcF017008@new.toad.com> <20120516151946.GJ26714@mail.yitter.info>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Cc: dane@ietf.org
Subject: Re: [dane] Network errors ARE attacks - on the end-to-end-principle

On May 16, 2012, at 11:19 AM, Andrew Sullivan wrote:

> On Tue, May 15, 2012 at 07:13:16PM -0700, John Gilmore wrote:
> 
>> "Genuine network errors" from buggy proxies or intentional firewalls
>> or intentional or accidental censorship systems ARE attacks.  They are
>> attacks on the fundamental end-to-end premise of the Internet.
> 
> But (1) bugs are different from intentional blockage and (2) not all
> of this is strictly speaking buggy.  The fact that some ancient
> gateway can't cope with RRTYPEs it doesn't know is, IMO, a disgrace;
> but they can say (correctly) that they just don't implement that RFC,
> and be quite right.  I would like the market to reject such devices as
> useless, but it hasn't yet.
> 
>> But the end result will be that (1) users will realize they are being
>> censored; (2) providers will clean up the accidental and whim-related
>> censorship; and (3) users will migrate to providers who offer them
>> reliable end-to-end service without interruptions for the provider's
>> convenience or profit.
> 
> I suppose that the above is intended to argue that the market will
> reject such devices as useless.  I think we have a first mover
> principle in the way, however.  These "users" of which you speak would
> need to form a fairly detailed theory of operation of the Internet in
> order to understand what the problem is.  I don't believe that most of
> them will, and I don't think they ought to need to either.  Therefore,
> I would prefer that we build documents that permit useful incremental
> addition of features to the network.
> 
> To drag this back on topic,

Thank you -- I was away from mail for part of today and this thread was going *way* off-topic…

*Please*, let's try and keep this (and other threads on dane@) on-topic, and civil…

> in light of the above I need to think
> harder about the argument, elsewhere in this thread, that uses 2 and 3
> are also undermined by the no-answer attack, because if that's the
> case then I suspect DANE is undeployable as it stands.

> 
> Best,
> 
> A
> 
> -- 
> Andrew Sullivan
> ajs@anvilwalrusden.com
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane
>