Hi Tommy,

I also noticed that your email client rewrote the link to "The Register", a site that everyone knows, which then linked to NY Times, etc.
It used the domain "nam06.safelinks.protection.outlook.com".

Why would that domain be necessary if DNS-based security worked?

thanks,
Rob

On Tue, Jul 16, 2019 at 10:32 AM Rob Sayre <[email protected]> wrote:

>
> On Tue, Jul 16, 2019 at 10:20 AM Tommy Jensen <[email protected]>
> wrote:
>
>> The link you shared indicates the problem is RC4, which was removed from
>> TLS in 1.3 for this very reason. This doesn’t demonstrate TLS 1.3 is
>> vulnerable; it demonstrates why adopting TLS 1.3 is so important.
>>
>
> Yeah, that's one part of it, but some of the other approaches described
> are more general.
>
> thanks,
> Rob
>
>>
>> Thanks,
>> Tommy
>> ------------------------------
>> *From:* DNSOP <[email protected]> on behalf of Rob Sayre <
>> [email protected]>
>> *Sent:* Tuesday, July 16, 2019 8:46:42 AM
>> *To:* Eric Rescorla <[email protected]>
>> *Cc:* dnsop WG <[email protected]>; Paul Vixie <[email protected]>
>> *Subject:* Re: [DNSOP] Fwd: [Add] new draft:
>> draft-grover-add-policy-detection-00
>>
>> On Tue, Jul 16, 2019 at 6:41 AM Eric Rescorla <[email protected]> wrote:
>>
>> The certs are public information, so having the certs isn't useful. Can
>> you please be clearer about the attack you are describing?
>>
>>
>> Sure, here's an article about it:
>> <
>> https://www.theregister.co.uk/2013/09/06/nsa_cryptobreaking_bullrun_analysis/
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww..theregister.co.uk%2F2013%2F09%2F06%2Fnsa_cryptobreaking_bullrun_analysis%2F&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C496a0b49339349ac921308d70a04e0de%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636988888386522988&sdata=SbICd7%2FtkDlhh1zyusjw75CRgg6KHhbpzH0Efn%2BoBew%3D&reserved=0>
>> >
>>
>> Do you have any thoughts on that?
>>
>> thanks,
>> Rob
>>
>
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
