On 24.3.2014 12:21, Stephane Bortzmeyer wrote:
> On Fri, Mar 21, 2014 at 03:51:30PM -0700,
> Ted Hardie <[email protected]> wrote
> a message of 58 lines which said:
>
>> We may eventually get to active attacks as well, but those aren't likely to
>> be occurring at the moment because they aren't required; passive monitoring
>> of a cleartext protocol is enough.
>> Do we have agreement that this is the core of what we're setting out to do?
>
> Not for me. The problem is that "active" or "passive" depends on the
> layer. According to Snowden files, the NSA is doing _active_ attacks
> (injecting packets with QUANTUM, planting malware with FOXACID) for
> the purpose of conducting _passive_ data collection.
> So, I do not think we should limit ourselves to passive attacks. I

I agree. Resiliency against passive attacks only is very very brittle and I
hope we can do better.
Also, keep in mind
http://en.wikipedia.org/wiki/Authenticated_encryption#cite_ref-1
http://en.wikipedia.org/wiki/Authenticated_encryption#cite_ref-2
Have a nice day!
--
Petr Spacek @ Red Hat
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy