On Sat, Aug 30, 2014 at 12:56 AM, John Heidemann wrote:
> On Wed, 27 Aug 2014 12:46:41 -0700, Wes Hardaker wrote:
>>Carsten Strotmann writes:
>>But then, stepping back, you have to ask yourself: what's the likely
>>threat model of everyone in 100 feet trying to attack you? If we really
>>...
>>
On Wed, 27 Aug 2014 12:46:41 -0700, Wes Hardaker wrote:
>Carsten Strotmann writes:
>
>>> Ok then I am an attacker, since you cannot authenticate me, I sign the
>>> data myself. This has data integrity. But it is the modified data and
>>> not what you expected to receive...
>>
>> How can you sign
On Aug 29, 2014, at 5:30 AM, Wes Hardaker wrote:
> Paul Hoffman writes:
>
>> On Aug 27, 2014, at 12:46 PM, Wes Hardaker wrote:
>>
>>> But what's the solution? How do we authenticate that resolver? PKIX
>>> won't help us, as there is no name.
>>
>> Say what? That draft clearly says that the
Paul Hoffman writes:
> On Aug 27, 2014, at 12:46 PM, Wes Hardaker wrote:
>
>> But what's the solution? How do we authenticate that resolver? PKIX
>> won't help us, as there is no name.
>
> Say what? That draft clearly says that the resolver can have a PKIX
> certificate with its IP address as
Mark Andrews writes:
> Actually DNSSEC could give you the key of the resolver securely
> provided it has a public address. Publish a KEY record signed in
> the DNS under in-addr.arpa or ip6.arpa. If need to we define flag
> bits to say it is for this purpose. For private addresses you need
> t
> Ok, you obviously don't believe DNS traffic needs privacy on the sole
> basis, that there's a bigger fish in the pond. I have seen X-Files and
> I choose to believe, let's leave it at that and move to the technical
> side of things.
I am telling from my first message! And I am telling that your
On 29 August 2014 11:41, Hosnieh Rafiee wrote:
>
>> > Do you have any statistics or any references that prove TU 2,3 tried
>> analyzing resolver traffics?
>>
>> No, I do not belong in TU 2/3 and I do not participate in any data
>> misuse project. However, the collected data is provably valuable fo
> > Do you have any statistics or any references that prove TU 2,3 tried
> analyzing resolver traffics?
>
> No, I do not belong in TU 2/3 and I do not participate in any data
> misuse project. However, the collected data is provably valuable for
> some people (otherwise services like following wo