Re: [dane] Network errors ARE attacks - on the end-to-end-principle

Yoav Nir <ynir@checkpoint.com> Wed, 16 May 2012 10:32 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: "mrex@sap.com" <mrex@sap.com>
Date: Wed, 16 May 2012 13:31:50 +0300
Thread-Topic: [dane] Network errors ARE attacks - on the end-to-end-principle
Thread-Index: Ac0zTxzV7uZf/OjoSvqm55aBwXtueg==
Message-ID: <1C09F467-004B-4EB7-87C2-92CBDF74E967@checkpoint.com>
References: <201205160943.q4G9hXOJ017665@fs4113.wdf.sap.corp>
In-Reply-To: <201205160943.q4G9hXOJ017665@fs4113.wdf.sap.corp>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "dane@ietf.org" <dane@ietf.org>
Subject: Re: [dane] Network errors ARE attacks - on the end-to-end-principle
Precedence: list

On May 16, 2012, at 12:43 PM, Martin Rex wrote:

> John Gilmore wrote:
>> 
>>> But it's better then disabling TLSA at all in the face
>>> of DNS errors (where we assume most errors are genuine network errors
>>> and not attacks).
>> 
>> "Genuine network errors" from buggy proxies or intentional firewalls
>> or intentional or accidental censorship systems ARE attacks.  They are
>> attacks on the fundamental end-to-end premise of the Internet.
> 
> Where have you been during the last 10 years?
> There is no such thing an a "fundamental end-to-end premise" on the
> Internet.  And if it ever existed, it ceased to exist ~10 years ago.

15. Most networks have a NAT, including almost all home networks. Most corporate networks have some kind of firewall. If you want end-to-end, you have to roll your own through IPsec or TLS, and even then you're likely to get load balancers at the server side, and the occasional decrypting proxy on the client side.

Yoav

[dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Tom Ritter
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Adam Langley
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Adam Langley
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Scott Schmit
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? John Gilmore
[dane] Network errors ARE attacks - on the end-to… John Gilmore
Re: [dane] Behavior in the face of no answer? Mark Andrews
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Network errors ARE attacks - on the en… Martin Rex
Re: [dane] Network errors ARE attacks - on the en… Yoav Nir
Re: [dane] Network errors ARE attacks - on the en… Henry Story
Re: [dane] Network errors ARE attacks - on the en… Henry Story
Re: [dane] Network errors ARE attacks - on the en… SM
Re: [dane] Network errors ARE attacks - on the en… Michael Richardson
Re: [dane] Network errors ARE attacks - on the en… Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Network errors ARE attacks - on the en… Mark Andrews
Re: [dane] Network errors ARE attacks - on the en… Warren Kumari
Re: [dane] Network errors ARE attacks - on the en… Phillip Hallam-Baker