Re: [perpass] A reminder, the Network is the Enemy...

David Conrad <drc@virtualized.org> Tue, 03 December 2013 20:12 UTC

To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: perpass@ietf.org, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>

On Dec 3, 2013, at 6:46 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> On Mon, Dec 02, 2013 at 08:56:26AM -0800,
> Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> wrote a message of 112 lines which said:
>> Actually spoofing DNSSEC replies even with knowledge of the root key
>> is going to be difficult...
> 
> Very convincing reasoning. But I would feel better if it were actually
> tested in a lab with common resolvers. Any volunteer here?

I think a better target for that question would be dns-operations@lists.dns-oarc.net :)

Regards,
-drc