Re: [therightkey] [dane] DANE and CT

Phillip Hallam-Baker <hallam@gmail.com> Fri, 16 November 2012 00:14 UTC

On Thu, Nov 15, 2012 at 5:57 PM, Danny McPherson <danny@tcb.net> wrote:

>
> On Nov 15, 2012, at 8:02 AM, Phillip Hallam-Baker wrote:
>
> >
> > DANE certificates are only as secure as the DNS names they are attached
> > to. DNS hijacking occurs at a rate well in excess of 10,000 names a year
> > and is probably much much higher if we could get better numbers.
>
> PHB - do you have a citation qualifying this?
>

Not one I can share. But it seemed at the lower bound to me given the
number of sites I use that have been hijacked recently.

You folk should have much more accurate figures. Care to share?



-- 
Website: http://hallambaker.com/