Re: dictionary attack on nameservers
Roy Badami <roy@gnomon.org.uk> Tue, 07 September 2004 21:57 UTC
From: Roy Badami <roy@gnomon.org.uk>
Subject: Re: dictionary attack on nameservers
Date: Tue, 07 Sep 2004 22:57:30 +0100
Lines: 37
Sender: owner-namedroppers@ops.ietf.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-From: owner-namedroppers@ops.ietf.org Wed Sep 08 00:06:41 2004
Return-path: <owner-namedroppers@ops.ietf.org>
To: namedroppers@ops.ietf.org
X-Mailer: VM 7.18 under Emacs 21.3.1
X-Delivery-Agent: TMDA/1.0.2 (Bold Forbes)
X-Primary-Address: roy@gnomon.org.uk
Received-SPF: pass (spike.gnomon.org.uk: 81.100.86.162 is authenticated by a trusted mechanism)
X-Virus-Scanned: clamd / ClamAV version 0.73, clamav-milter version 0.73a on spike.gnomon.org.uk
X-Virus-Status: Clean
Precedence: bulk
X-Message-ID:
Message-ID: <20140418071920.2560.54666.ARCHIVE@ietfa.amsl.com>
I hadn't been intending to respond to the chairs' call for 20-line summaries, since I regard myself as an intersted bystander rather than an active WG member... However Olaf contacted me privately requesting I do so, so here goes... -------- I regard it as highly desirably to reach some sort of consensus that includes those ccTLDs that have concerns about enumeration, and realistically I think that means addressing their requirements, rather than convincing them to change their requirements. I'm pleased that the co-chairs seem to concur that this is worth persuing... I don't have any strong feelings as to the shape that the technical solution should take though I note that Bloom filters have been completely neglected in recent discussions, and I think they may still be of possible value -- see for example Steve Bellovin's ID http://www.research.att.com/~smb/papers/draft-bellovin-dnsext-bloomfilt-00.txt I would argue that authenticated denial is important in a TLD, and that provably-insecure delegations are vital, as without them the level of security offered to customers of that TLD is diminished. I note also that if some TLDs choose not to offer these security guarantees, then there will be no incentive for their customers to migrate away from transitional mechanisms such as Paul Vixie's DLV (which does offer those guarantees, at least to participating resolvers). -roy -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- Re: dictionary attack on nameservers Doron Shikmoni
- dictionary attack on nameservers Miek Gieben
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Samuel Weiler
- Re: dictionary attack on nameservers Miek Gieben
- RE: dictionary attack on nameservers Christian Huitema
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Peter Koch
- Re: dictionary attack on nameservers Ted Lindgreen
- Re: dictionary attack on nameservers Ted Lindgreen
- Re: dictionary attack on nameservers Jay Daley
- Re: dictionary attack on nameservers Olaf M. Kolkman
- consensus first, was Re: dictionary attack on nam… Roy Arends
- Re: dictionary attack on nameservers Stephane Bortzmeyer
- Re: dictionary attack on nameservers Geoffrey Sisson
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Ted Lindgreen
- Re: dictionary attack on nameservers Geoffrey Sisson
- Re: dictionary attack on nameservers Stephane Bortzmeyer
- Re: dictionary attack on nameservers Ted Lindgreen
- Re: dictionary attack on nameservers Jay Daley
- Re: dictionary attack on nameservers Ted Lindgreen
- Re: dictionary attack on nameservers Damien Miller
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Ted Lindgreen
- Re: dictionary attack on nameservers Jay Daley
- Re: dictionary attack on nameservers Edward Lewis
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Andras Salamon
- Re: dictionary attack on nameservers Greg Hudson
- Re: dictionary attack on nameservers Ted Hardie
- Re: dictionary attack on nameservers Miek Gieben
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Jay Daley
- Re: dictionary attack on nameservers Roy Badami
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Olaf M. Kolkman
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Roy Badami
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Roy Badami
- Re: dictionary attack on nameservers Eric Brunner-Williams in Portland Maine
- Re: dictionary attack on nameservers Danny Mayer
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Greg Hudson
- Re: dictionary attack on nameservers Alex Bligh
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Stephane Bortzmeyer
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Stephane Bortzmeyer
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Ben Laurie
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- RE: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers George Michaelson
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Peter Koch
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Peter Koch
- Re: dictionary attack on nameservers Danny Mayer
- Re: dictionary attack on nameservers Miek Gieben
- Re: dictionary attack on nameservers Simon Josefsson
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers David Blacka
- Re: dictionary attack on nameservers Edward Lewis
- Re: dictionary attack on nameservers Danny Mayer
- Re: dictionary attack on nameservers David Blacka
- Re: dictionary attack on nameservers David Blacka
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers kent
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers David Blacka
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Ted Lindgreen
- Re: dictionary attacks bmanning
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- RE: dictionary attack on nameservers Ted Lindgreen
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers David Blacka
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- RE: dictionary attack on nameservers Greg Hudson
- Re: dictionary attack on nameservers bmanning
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Eric A. Hall
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Roy Arends
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Florian Weimer
- Re: dictionary attack on nameservers Bruce Campbell
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers kent crispin
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers kent crispin
- Re: dictionary attack on nameservers Bruce Campbell
- Re: dictionary attack on nameservers Edward Lewis
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Greg Hudson
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Ben Laurie
- a challenge for privacy violators D. J. Bernstein
- RE: dictionary attack on nameservers Hallam-Baker, Phillip
- Re: dictionary attack on nameservers Olaf M. Kolkman
- Re: dictionary attack on nameservers Paul Vixie
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Olaf M. Kolkman
- Re: dictionary attack on nameservers Danny Mayer
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Roy Badami
- Re: dictionary attack on nameservers Olaf M. Kolkman
- Re: dictionary attack on nameservers Miek Gieben
- Re: dictionary attack on nameservers Jelte Jansen
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Simon Josefsson
- Re: dictionary attack on nameservers Roy Arends
- Re: dictionary attack on nameservers Ben Laurie
- Re: dictionary attack on nameservers Peter Koch
- Re: dictionary attack on nameservers Mark Andrews
- Re: Avoiding collisions - desirability & possibil… Mark Andrews
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Marcos Sanz/Denic
- Re: dictionary attack on nameservers Mark Andrews
- Re: dictionary attack on nameservers Jim Reid
- Re: dictionary attack on nameservers Alex Bligh
- Re: dictionary attack on nameservers Simon Josefsson
- Re: dictionary attack on nameservers Robert Elz
- Avoiding collisions - desirability & possibility … Alex Bligh
- Re: Avoiding collisions - desirability & possibil… Robert Elz
- Re: Avoiding collisions - desirability & possibil… Alex Bligh
- Re: dictionary attack on nameservers Simon Josefsson
- was Re: dictionary attack on nameservers Edward Lewis
- Re: Avoiding collisions - desirability & possibil… Edward Lewis
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: Avoiding collisions - desirability & possibil… Robert Elz
- Re: Avoiding collisions - desirability & possibil… Ben Laurie
- Re: dictionary attack on nameservers Samuel Weiler
- Re: progress on wcard draft Paul Vixie
- Re: EDNS0 numbers Paul Vixie
- Re: TCP response with truncated bit set? Paul Vixie
- Re: Use same server after truncated response? Paul Vixie