On Fri, Feb 22, 2013 at 07:42:17PM +0000, Vernon Schryver wrote:
> > From: Lutz Donnerhacke <l...@iks-jena.de>
>
> > But the erroneous transfer of ebay.de would create a disaster with DANE.
>
> In what way would DANE make the theft of a domain worse?

On top of all the excellent points Vernon makes about how DANE is no worse, DANE gives you a couple mechanisms to make detection slightly easier. For the erroneous registrar or registrant transfer of the domain name is reflected in the WHOIS (or, let's hope, the eventual output of WEIRDS), so it's possible to see that the sponsorship of the name has changed. If it's merely all the name servers that have changed, that too might be useful evidence that something is up. None of this is perfect, but it is surely more evidence that can be taken into account. And there's the obvious benefit that with DANE, you're not stuck depending on every self-asserting trust vehicle that manages to convince the browser vendors to put in an anchor.

I note that none of these mechanisms are built today, of course, but there's no reason reputation systems couldn't develop based on DANE along these lines, particularly if we get something like WEIRDS that would allow profiling of some classes of behaviour without disclosing all the PII that WHOIS does today.

A

--
Andrew Sullivan
a...@anvilwalrusden.com
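
An added illustration, not part of the original message and not an existing tool: one way a monitor could turn the evidence named above (a change of sponsorship, replacement of every name server) into signals to weigh next to a change in the published TLSA data. The `Observation` fields, the labels, the overlap rule and the review policy are assumptions, and the sample observations are constructed with shortened placeholder digests.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    registrar: str        # sponsoring registrar as reported by WHOIS
    nameservers: tuple    # NS names in the delegation
    tlsa: tuple           # TLSA RDATA in presentation format

def _names(values):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return {v.strip().lower().rstrip(".") for v in values}

def _rdata(values):
    # Collapse whitespace and case so equal records compare equal.
    return {" ".join(v.lower().split()) for v in values}

def change_evidence(before, after):
    """Return labels describing what changed between two observations."""
    found = []
    if before.registrar.strip().lower() != after.registrar.strip().lower():
        found.append("registrar-changed")
    old_ns, new_ns = _names(before.nameservers), _names(after.nameservers)
    if old_ns != new_ns:
        found.append("ns-all-replaced" if old_ns.isdisjoint(new_ns)
                     else "ns-partly-changed")
    old_t, new_t = _rdata(before.tlsa), _rdata(after.tlsa)
    if old_t != new_t:
        # Assumption: a planned key change publishes old and new records
        # side by side for a while, so some overlap is expected.
        found.append("tlsa-replaced" if old_t.isdisjoint(new_t)
                     else "tlsa-overlapping-change")
    return found

def needs_review(found):
    # Assumed policy: new TLSA data with no overlap, together with a change
    # of sponsorship or of every name server, deserves a human look.
    return "tlsa-replaced" in found and (
        "registrar-changed" in found or "ns-all-replaced" in found)

# Constructed sample observations (not real data).
BASELINE = Observation("Registrar A", ("ns1.example.net.", "ns2.example.net."),
                       ("3 1 1 AAAA1111",))
ROLLOVER = Observation("registrar a", ("NS1.example.net", "ns2.example.net"),
                       ("3 1 1 aaaa1111", "3 1 1 bbbb2222"))
TRANSFER = Observation("Registrar B", ("ns1.example.org.", "ns2.example.org."),
                       ("3 1 1 cccc3333",))

if __name__ == "__main__":
    for label, obs in (("rollover", ROLLOVER), ("transfer", TRANSFER)):
        ev = change_evidence(BASELINE, obs)
        print(label, ev, "review" if needs_review(ev) else "ok")
```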