On Apr 19, 2013, at 10:22 AM, Edward Lewis <[email protected]> wrote:
> I am pushing to rely on a second factor (the security over the c&c channel to > the parent) to verify the request. But what if that second factor is compromised?!?! :-) As Wes pointed out, the choice is adding in more things that an attacker must surmount versus making the normal thing happen easily. In every system that requires authentication for an action to happen, there will be chances of compromise of the authentication mechanism. Operators get to decide how much they care about that. --Paul Hoffman _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
