Re: how many angels can dance on the head of a pin?

Paul Hoffman <paul.hoffman@vpnc.org> Sun, 10 August 2008 15:47 UTC

Message-Id: <p06240827c4c4ba39d0f9@[165.227.249.203]>
In-Reply-To: <20080810042136.GA18568@vacation.karoshi.com.>
References: <200808080237.m782bBqk005628@drugs.dv.isc.org> <489BBA1C.1040107@e164.org> <489E4D44.1080306@links.org> <20080810042136.GA18568@vacation.karoshi.com.>
Date: Sun, 10 Aug 2008 08:38:41 -0700
To: Namedroppers <namedroppers@ops.ietf.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: how many angels can dance on the head of a pin?

"Caching" is not the currently-discussed problem: it is a too-brief 
shorthand for the currently-discussed problem.

A better problem statement might be "caches (a) that can be easily 
poisoned and (b) from which data that will be trusted by compliant 
resolvers will be served". This WG seems to be trying to make (a) 
harder to make the attack harder.

We haven't spent much time analyzing how to fix (b), which might give 
us a much better fix. Assuming a poisoned cache, if either the poison 
is never emitted from the cache, or if resolvers stop believing 
emitted poison, the attack fails completely.

--Paul Hoffman, Director
--VPN Consortium

archive: <http://ops.ietf.org/lists/namedroppers/>