Re: [dane] Behavior in the face of no answer?

Andrew Sullivan <ajs@anvilwalrusden.com> Tue, 15 May 2012 14:57 UTC

Date: Tue, 15 May 2012 10:57:21 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dane@ietf.org
Message-ID: <20120515145721.GD20521@mail.yitter.info>
References: <CABcZeBMY26xrfvAx=UsYN2XnuONZ2vPy9tNwHQALudd=yQDvgA@mail.gmail.com> <643D87CD-D01E-47B8-82E5-D3F57D50C80B@vpnc.org> <alpine.LFD.2.02.1205142229552.10990@bofh.nohats.ca> <CABcZeBMS9cJ3m6JwJED7XAqdsF=zbTUUU_o3-opiZvqMyr7mdw@mail.gmail.com> <alpine.LFD.2.02.1205142352010.10990@bofh.nohats.ca> <20120515112154.GA20521@mail.yitter.info> <alpine.LFD.2.02.1205150816001.14601@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.LFD.2.02.1205150816001.14601@bofh.nohats.ca>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dane] Behavior in the face of no answer?
Precedence: list

On Tue, May 15, 2012 at 08:19:24AM -0400, Paul Wouters wrote:
> 
> Yes, it is as bad as the cert partrol plugin that tracks PKIX states
> in a browser. But it's better then disabling TLSA at all in the face
> of DNS errors (where we assume most errors are genuine network errors
> and not attacks).

I think ekr is arguing that use cases 0 and 1 are different than use
cases 2 and 3; it seems to me that in use cases 2 and 3, if you can't
get an answer out of the DNS you're already screwed: you can't proceed
with a TLS connection, because you don't have the necessary material
to do the negotiation.  What did I miss?

Best,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

[dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Tom Ritter
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Adam Langley
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Adam Langley
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Scott Schmit
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? John Gilmore
[dane] Network errors ARE attacks - on the end-to… John Gilmore
Re: [dane] Behavior in the face of no answer? Mark Andrews
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Network errors ARE attacks - on the en… Martin Rex
Re: [dane] Network errors ARE attacks - on the en… Yoav Nir
Re: [dane] Network errors ARE attacks - on the en… Henry Story
Re: [dane] Network errors ARE attacks - on the en… Henry Story
Re: [dane] Network errors ARE attacks - on the en… SM
Re: [dane] Network errors ARE attacks - on the en… Michael Richardson
Re: [dane] Network errors ARE attacks - on the en… Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Network errors ARE attacks - on the en… Mark Andrews
Re: [dane] Network errors ARE attacks - on the en… Warren Kumari
Re: [dane] Network errors ARE attacks - on the en… Phillip Hallam-Baker