On Sun, 17 Aug 2008, Ted Lemon wrote:

> On Aug 17, 2008, at 9:24 AM, Dean Anderson wrote:
> > Changing DNS doesn't eliminate the attack of misplaced trust. It
> > merely eliminates one method we know of for accomplishing the
> > attack, at great expense and great risk, I might add.
> 
> You may not add that unless you are willing to justify the assertion,  
> which thus far you have not done.

Changing DNS protocol is considered by many to be expensive and risky.
Are you saying it's not expensive or risky?  That seems to be a far more
bold assertion.


> And if you argue that we shouldn't close the DNS hole, your argument
> applies equally to these problems.  Are you arguing that we shouldn't
> address them either?

It may well be impossible to close the problems of cross site scripting and
JavaScript viruses.

However, misplaced trust attacks can only be avoided by preventing the
sending of trusted information to untrusted sites.  Solve this problem
correctly (which is entirely doable) and none of these attacks will be
effective at obtaining trusted information.  Changing DNS protocol is
not necessary to prevent misplaced trust attacks.

                --Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
