IETF Logo Mail Archive

Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)

Andrew Sullivan <ajs@anvilwalrusden.com> Sun, 10 August 2014 22:37 UTC

Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B2991A010E for <ietf@ietfa.amsl.com>; Sun, 10 Aug 2014 15:37:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.141
X-Spam-Level:
X-Spam-Status: No, score=-0.141 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id elQgmU5QcVt0 for <ietf@ietfa.amsl.com>; Sun, 10 Aug 2014 15:37:30 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68B661A00F5 for <ietf@ietf.org>; Sun, 10 Aug 2014 15:37:30 -0700 (PDT)
Received: from mx1.yitter.info (c-76-118-173-172.hsd1.nh.comcast.net [76.118.173.172]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 728D68A031 for <ietf@ietf.org>; Sun, 10 Aug 2014 22:37:28 +0000 (UTC)
Date: Sun, 10 Aug 2014 18:37:26 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: ietf@ietf.org
Subject: Re: [saag] What does DNSSec protect? (Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC)
Message-ID: <20140810223726.GC40040@mx1.yitter.info>
References: <5B9A4046A1CB9ECDF6B77ACC@JcK-HP8200.jck.com> <20140810173503.86832.qmail@joyce.lan> <20140810181807.GA84281@mx1.yitter.info> <17F130BD6920FB05E6A82823@JcK-HP8200.jck.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <17F130BD6920FB05E6A82823@JcK-HP8200.jck.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/uuLuXzLfzJ2OPFADLcVOD72SIJ8
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Aug 2014 22:37:31 -0000

On Sun, Aug 10, 2014 at 03:37:10PM -0400, John C Klensin wrote:
> statements we make about it when we are being careful.   It is
> about people engaging in hyperbole of the nature of "you have
> DNSSEC, now you are safe" (with the implication of "from all
> sorts of attacks") or using other language that implies that the
> threats that you (and John L.) have identified.  

Yes, I'm sorry.  I was over-reacting to something John L. said,
because I've recently been subject to a long harangue about how DNSSEC
doesn't protect anything at all.  My apologies to all.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

v2.37.1 | Report a Bug | By Email | System Status