[dane] List of incidents that DANE would have blocked?
William Stouder-Studenmund <wrstuden@mac.com> Wed, 01 October 2014 16:37 UTC
Return-Path: <wrstuden@mac.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 911CC1A1ACC for <dane@ietfa.amsl.com>; Wed, 1 Oct 2014 09:37:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.987
X-Spam-Level:
X-Spam-Status: No, score=0.987 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, FREEMAIL_FROM=0.001, MALFORMED_FREEMAIL=1.487, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 385tcniSvxcF for <dane@ietfa.amsl.com>; Wed, 1 Oct 2014 09:37:27 -0700 (PDT)
Received: from mr11p24im-asmtp002.me.com (mr11p24im-asmtp002.me.com [17.110.78.42]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06AA21ACE88 for <dane@ietf.org>; Wed, 1 Oct 2014 09:37:27 -0700 (PDT)
Received: from [17.114.110.91] (unknown [17.114.110.91]) by mr11p24im-asmtp002.me.com (Oracle Communications Messaging Server 7u4-27.10(7.0.4.27.9) 64bit (built Jun 6 2014)) with ESMTPSA id <0NCR00G7VY5XLK00@mr11p24im-asmtp002.me.com> for dane@ietf.org; Wed, 01 Oct 2014 16:37:10 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.12.52,1.0.28,0.0.0000 definitions=2014-10-01_06:2014-10-01,2014-10-01,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=1 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1410010161
From: William Stouder-Studenmund <wrstuden@mac.com>
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: quoted-printable
Date: Wed, 01 Oct 2014 09:37:08 -0700
Message-id: <DD18BA26-107D-4584-ACDE-131DD3D45AE6@mac.com>
To: dane@ietf.org
MIME-version: 1.0 (Mac OS X Mail 8.0 \(1985.3\))
X-Mailer: Apple Mail (2.1985.3)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/ylTpPIy6rJ1O-U970U0HwfRgA14
Subject: [dane] List of incidents that DANE would have blocked?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2014 16:37:27 -0000
I learned about DANE recently and was excitedly talking to some operations friends of mine about it. Some of them work in shops that aren’t using DNSSEC yet, and DANE’s requirement of it would trigger push-back from management. *I* think they should be doing DNSSEC, but I’m not management. Making a case for DANE means making a case for DNSSEC. I get that DANE can detect a large class of MITM attacks. Saying that isn’t as convincing as handing over a list of, “DANE is designed to stop this, DANE would have stopped that one,” and so on. If the answer is lurking in the list archives, feel free to just point me at a date and I’ll look at that too. Take care, Bill
- [dane] List of incidents that DANE would have blo… William Stouder-Studenmund
- Re: [dane] List of incidents that DANE would have… Olafur Gudmundsson
- Re: [dane] List of incidents that DANE would have… Viktor Dukhovni
- Re: [dane] List of incidents that DANE would have… William Stouder-Studenmund
- Re: [dane] List of incidents that DANE would have… William Stouder-Studenmund
- Re: [dane] List of incidents that DANE would have… Rene Bartsch
- Re: [dane] List of incidents that DANE would have… Warren Kumari