Re: dictionary attack on nameservers
Roy Badami <roy@gnomon.org.uk> Tue, 07 September 2004 22:02 UTC
Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA11387 for <dnsext-archive@lists.ietf.org>; Tue, 7 Sep 2004 18:02:29 -0400 (EDT)
Received: from majordom by psg.com with local (Exim 4.41 (FreeBSD)) id 1C4nyU-000HWC-CT for namedroppers-data@psg.com; Tue, 07 Sep 2004 21:58:02 +0000
Received: from [66.45.230.132] (helo=spike.gnomon.org.uk) by psg.com with esmtp (Exim 4.41 (FreeBSD)) id 1C4nyB-000HTN-Bi for namedroppers@ops.ietf.org; Tue, 07 Sep 2004 21:57:43 +0000
Received: from giles.gnomon.org.uk (cpc4-cmbg2-5-0-cust162.cmbg.cable.ntl.com [81.100.86.162]) by spike.gnomon.org.uk (8.13.0/8.13.0) with ESMTP id i87LxPKe035454 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <namedroppers@ops.ietf.org>; Tue, 7 Sep 2004 21:59:31 GMT (envelope-from roy+dated+1097186251.04d2f1@gnomon.org.uk)
Received: from giles.gnomon.org.uk (localhost.gnomon.org.uk [127.0.0.1]) by giles.gnomon.org.uk (8.13.0/8.13.0) with ESMTP id i87LvZEp079783 for <namedroppers@ops.ietf.org>; Tue, 7 Sep 2004 22:57:35 +0100 (BST) (envelope-from roy+dated+1097186251.04d2f1@giles.gnomon.org.uk)
Received: (from roy@localhost) by giles.gnomon.org.uk (8.13.0/8.13.0/Submit) id i87LvVNl079782 for namedroppers@ops.ietf.org; Tue, 7 Sep 2004 22:57:31 +0100 (BST) (envelope-from roy+dated+1097186251.04d2f1@giles.gnomon.org.uk)
Received: by giles.gnomon.org.uk (tmda-sendmail, from uid 559); Tue, 07 Sep 2004 22:57:31 +0100 (BST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16702.11978.922191.709874@giles.gnomon.org.uk>
Date: Tue, 07 Sep 2004 22:57:30 +0100
To: namedroppers@ops.ietf.org
Subject: Re: dictionary attack on nameservers
X-Mailer: VM 7.18 under Emacs 21.3.1
From: Roy Badami <roy@gnomon.org.uk>
X-Delivery-Agent: TMDA/1.0.2 (Bold Forbes)
X-Primary-Address: roy@gnomon.org.uk
Received-SPF: pass (spike.gnomon.org.uk: 81.100.86.162 is authenticated by a trusted mechanism)
X-Virus-Scanned: clamd / ClamAV version 0.73, clamav-milter version 0.73a on spike.gnomon.org.uk
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on psg.com
X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.64
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit
I hadn't been intending to respond to the chairs' call for 20-line summaries, since I regard myself as an intersted bystander rather than an active WG member... However Olaf contacted me privately requesting I do so, so here goes... -------- I regard it as highly desirably to reach some sort of consensus that includes those ccTLDs that have concerns about enumeration, and realistically I think that means addressing their requirements, rather than convincing them to change their requirements. I'm pleased that the co-chairs seem to concur that this is worth persuing... I don't have any strong feelings as to the shape that the technical solution should take though I note that Bloom filters have been completely neglected in recent discussions, and I think they may still be of possible value -- see for example Steve Bellovin's ID http://www.research.att.com/~smb/papers/draft-bellovin-dnsext-bloomfilt-00.txt I would argue that authenticated denial is important in a TLD, and that provably-insecure delegations are vital, as without them the level of security offered to customers of that TLD is diminished. I note also that if some TLDs choose not to offer these security guarantees, then there will be no incentive for their customers to migrate away from transitional mechanisms such as Paul Vixie's DLV (which does offer those guarantees, at least to participating resolvers). -roy -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Alex Bligh
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers D. J. Bernstein
- Re: dictionary attack on nameservers Eric A. Hall
- Re: dictionary attack on nameservers Alex Bligh
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Bill Sommerfeld
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Simon Josefsson
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Roy Arends
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Peter Koch
- Re: dictionary attack on nameservers Jelte Jansen
- Re: dictionary attack on nameservers David Blacka
- Re: dictionary attack on nameservers Olaf M. Kolkman
- Re: dictionary attack on nameservers Ted Lindgreen
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Simon Josefsson
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Ben Laurie
- Re: Avoiding collisions - desirability & possibil… Edward Lewis
- Re: dictionary attack on nameservers Danny Mayer
- Re: dictionary attack on nameservers Stephane Bortzmeyer
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Ted Hardie
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers David Blacka
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Doron Shikmoni
- Re: dictionary attack on nameservers Peter Koch
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Danny Mayer
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Samuel Weiler
- Re: dictionary attack on nameservers Stephane Bortzmeyer
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Roy Badami
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Ben Laurie
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Danny Mayer
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Ben Laurie
- Re: Avoiding collisions - desirability & possibil… Robert Elz
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: dictionary attack on nameservers David Blacka
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers kent crispin
- RE: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers D. J. Bernstein
- a challenge for privacy violators D. J. Bernstein
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Miek Gieben
- Re: dictionary attack on nameservers kent crispin
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Roy Badami
- Re: dictionary attack on nameservers George Michaelson
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Edward Lewis
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Damien Miller
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Jay Daley
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Olaf M. Kolkman
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Olaf M. Kolkman
- Re: dictionary attack on nameservers Alex Bligh
- Re: Avoiding collisions - desirability & possibil… Mark Andrews
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Alex Bligh
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Roy Badami
- Re: Avoiding collisions - desirability & possibil… Roy Arends
- Re: dictionary attack on nameservers Paul Vixie
- Avoiding collisions - desirability & possibility … Alex Bligh
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Edward Lewis
- Re: dictionary attack on nameservers Roy Arends
- Re: Avoiding collisions - desirability & possibil… Jim Reid
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Greg Hudson
- Re: dictionary attack on nameservers Bruce Campbell
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Miek Gieben
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Simon Josefsson
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- RE: dictionary attack on nameservers Greg Hudson
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers kent
- Re: dictionary attack on nameservers kent crispin
- Re: dictionary attack on nameservers Danny Mayer
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Edward Lewis
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers David Blacka
- Re: dictionary attack on nameservers Mark Andrews
- Re: dictionary attack on nameservers Chris Thompson
- Re: dictionary attack on nameservers Robert Elz
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Greg Hudson
- Re: dictionary attack on nameservers Olaf M. Kolkman
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Roy Badami
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Bruce Campbell
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Bill Sommerfeld
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Greg Hudson
- RE: dictionary attack on nameservers Ted Lindgreen
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: Avoiding collisions - desirability & possibil… Alex Bligh
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Bill Sommerfeld
- Re: dictionary attack on nameservers Mark Andrews
- Re: dictionary attack on nameservers Edward Lewis
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Greg Hudson
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: hopefully was RE: dictionary attack on namese… Ben Laurie
- Re: dictionary attack on nameservers Simon Josefsson
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers David Blacka
- Re: hopefully was RE: dictionary attack on namese… Edward Lewis
- Re: dictionary attack on nameservers Peter Koch
- Re: Avoiding collisions - desirability & possibil… Mark Andrews