Re: [dane] List of incidents that DANE would have blocked?

Olafur Gudmundsson <ogud@ogud.com> Thu, 02 October 2014 06:03 UTC


Bill, 
short answer. 

DANE is about placing high-value information in the DNS;
without DNSSEC that is nonsensical.

Yes, we had this discussion a long time ago (most of the second half of 2011); the deciding point was around November 2011,
starting with this message:
http://www.ietf.org/mail-archive/web/dane/current/msg03748.html

and this one is a follow-up to gather consensus:
http://www.ietf.org/mail-archive/web/dane/current/msg03864.html

	Olafur


On Oct 1, 2014, at 12:37 PM, William Stouder-Studenmund <wrstuden@mac.com> wrote:

> I learned about DANE recently and was excitedly talking to some operations friends of mine about it. Some of them work in shops that aren’t using DNSSEC yet, and DANE’s requirement of it would trigger push-back from management. *I* think they should be doing DNSSEC, but I’m not management. Making a case for DANE means making a case for DNSSEC.
> 
> I get that DANE can detect a large class of MITM attacks. Saying that isn’t as convincing as handing over a list of, “DANE is designed to stop this, DANE would have stopped that one,” and so on.
> 
> If the answer is lurking in the list archives, feel free to just point me at a date and I’ll look at that too.
> 
> Take care,
> 
> Bill