On Fri, Mar 21, 2014 at 03:51:30PM -0700,
 Ted Hardie <[email protected]> wrote 
 a message of 58 lines which said:

> We may eventually get to active attacks as well, but those aren't likely to
> be occurring at the moment because they aren't required; passive monitoring
> of a cleartext protocol is enough.
> 
> Do we have agreement that this is the core of what we're setting out to do?

Not for me. The problem is that "active" or "passive" depends on the
layer. According to the Snowden files, the NSA is doing _active_ attacks
(injecting packets with QUANTUM, planting malware with FOXACID) for
the purpose of conducting _passive_ data collection.

So, I do not think we should limit ourselves to passive attacks. I
like the idea (in draft-hallambaker-dnse) to have several levels of
security (against a purely passive attacker, against an active
attacker but with a trusted first contact, against an active attacker
in every case, etc).

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
