Re: [dns-privacy] Core effort

Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 24 March 2014 11:21 UTC

Date: Mon, 24 Mar 2014 12:21:05 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Ted Hardie <ted.ietf@gmail.com>
Message-ID: <20140324112105.GB24967@nic.fr>
References: <CA+9kkMBBeGVq12ON+RR1ttRf7FX6LyxXVuv-X2SPGpEbiut2Zw@mail.gmail.com>
Organization: NIC France
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/tw6AwVnEfsClbY1U36cCVGzN0s0
Cc: dns-privacy@ietf.org
Subject: Re: [dns-privacy] Core effort

On Fri, Mar 21, 2014 at 03:51:30PM -0700, Ted Hardie <ted.ietf@gmail.com> wrote a message of 58 lines which said:

> We may eventually get to active attacks as well, but those aren't likely to
> be occurring at the moment because they aren't required; passive monitoring
> of a cleartext protocol is enough.
> 
> Do we have agreement that this is the core of what we're setting out to do?

Not for me. The problem is that "active" or "passive" depends on the
layer. According to the Snowden files, the NSA is doing _active_ attacks
(injecting packets with QUANTUM, planting malware with FOXACID) for
the purpose of conducting _passive_ data collection.

So, I do not think we should limit ourselves to passive attacks. I
like the idea (in draft-hallambaker-dnse) to have several levels of
security (against a purely passive attacker, against an active
attacker but with a trusted first contact, against an active attacker
in every case, etc.).