Re: OFFTOPIC: DNSSEC groupthink versus improving DNS

Duane <duane@e164.org> Fri, 08 August 2008 03:18 UTC

Message-ID: <489BBA1C.1040107@e164.org>
Date: Fri, 08 Aug 2008 13:14:36 +1000
From: Duane <duane@e164.org>
User-Agent: Thunderbird 2.0.0.16 (X11/20080724)
MIME-Version: 1.0
To: Mark Andrews <Mark_Andrews@isc.org>
CC: Paul Vixie <vixie@isc.org>, bert hubert <bert.hubert@netherlabs.nl>, Namedroppers <namedroppers@ops.ietf.org>
Subject: Re: OFFTOPIC: DNSSEC groupthink versus improving DNS
References: <200808080237.m782bBqk005628@drugs.dv.isc.org>
In-Reply-To: <200808080237.m782bBqk005628@drugs.dv.isc.org>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Mark Andrews wrote:

> 	Well we could stop caching any DNS data.  That's the only
> 	way to make it match the credit card industry model where
> 	changes are instantly available.

Anyone have any idea how many credit card transactions per second occur?

Seems to me they are very similar in topology, so even if you only
cached information for a small amount of time that would mitigate most
attacks people seem to be so concerned about at present.

Since the window of opportunity for these sorts of attacks would be
greatly reduced, the cost to commit these types of attacks would greatly
increase, if not become virtually impossible to commit on any kind of scale
worth doing, so problem solved.

-- 

Best regards,
 Duane

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
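The exchange above argues about how long a resolver should cache data. Below is an added example, not part of the original thread or of any resolver's code, that models the two places the cache lifetime enters classic (pre-Kaminsky, one-guess-per-expiry) cache poisoning: a fresh guess is only possible when the cached record expires, and a successful forgery lives in the cache for the smaller of the attacker's chosen TTL and the resolver's maximum cache TTL. The numbers (a 16-bit transaction ID, 64512 usable source ports, 100 forged replies landed per window) are assumptions chosen for illustration.

```python
"""Added example (not from the original thread): a small model of how cache
TTL and resolver entropy set an attacker's odds in classic DNS cache poisoning.

Assumptions (not from the thread): the resolver re-queries only when the
cached record expires, every forged reply is a distinct (txid, port) guess,
and the attacker lands SPOOFS_PER_WINDOW forged replies before the real one.
"""

from dataclasses import dataclass

TXID_SPACE = 1 << 16       # 16-bit DNS transaction ID
FIXED_PORT = 1             # resolver always uses the same source port
RANDOM_PORTS = 64512       # ephemeral ports 1024..65535 (assumed range)


@dataclass
class ResolverModel:
    ttl_seconds: int        # how long the targeted record stays cached
    port_space: int         # FIXED_PORT or RANDOM_PORTS
    spoofs_per_window: int  # forged replies that arrive before the real answer

    def per_attempt_success(self) -> float:
        """Probability that one expiry window yields a matching forgery."""
        space = TXID_SPACE * self.port_space
        return min(1.0, self.spoofs_per_window / space)

    def attempts_per_hour(self) -> float:
        """A new guess is possible only once the cached record expires."""
        return 3600 / self.ttl_seconds

    def expected_hours_to_poison(self) -> float:
        """Geometric model: 1/p attempts, each gated by the TTL."""
        return (1 / self.per_attempt_success()) / self.attempts_per_hour()

    def p_poisoned_within(self, hours: float) -> float:
        """Chance of at least one success in the given number of hours."""
        attempts = hours * self.attempts_per_hour()
        return 1 - (1 - self.per_attempt_success()) ** attempts


def poison_lifetime(attacker_ttl: int, resolver_max_ttl: int) -> int:
    """Seconds a forged record survives: the resolver's cap bounds the damage."""
    return min(attacker_ttl, resolver_max_ttl)


if __name__ == "__main__":
    print(f"{'TTL':>6} {'ports':>6} {'E[hours to poison]':>20}")
    for ttl in (3600, 300, 60):
        for ports in (FIXED_PORT, RANDOM_PORTS):
            m = ResolverModel(ttl, ports, spoofs_per_window=100)
            print(f"{ttl:>6} {ports:>6} {m.expected_hours_to_poison():>20.2f}")
    print("forged record with 7-day TTL, resolver cap 1h:",
          poison_lifetime(7 * 86400, 3600), "s")
```

Plugging in different TTLs shows how the expiry interval changes the number of guesses per hour, while the port space changes the odds of each guess; `poison_lifetime` shows the separate effect a resolver-side cap on cached TTL has once a forgery does land.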