On Mon, 13 Apr 2015, Daniel Kahn Gillmor wrote:
i think most people consider DHCP configuration to be at best minimally
useful for DPRIVE -- it leaves you vulnerable at network connection
time, but then protects you against subsequent attacks. *shrug*
If you have an attacker on the last
On Thu 2015-04-09 10:36:17 -0400, Phillip Hallam-Baker wrote:
As I see it, there are two sub-problems:
1) How does a client discover and establish a binding to a DPRIV service?
2) What transport/sessions(s) are supported for queries?
Before answering either, I think it is pretty clear that
On Mon, 13 Apr 2015, Daniel Migault wrote:
Just for information, what are the technical reasons IPsec has not been
considered at all for providing DNS privacy.
People can already use an IPsec VPN and a remote DNS server without
anything new from IETF?
I think additionally, IPsec has a
On Mon, Apr 13, 2015 at 4:13 PM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
On Thu 2015-04-09 10:36:17 -0400, Phillip Hallam-Baker wrote:
As I see it, there are two sub-problems:
1) How does a client discover and establish a binding to a DPRIV service?
2) What transport/sessions(s) are
Hi Paul,
I'm not sure if your point was meant to relate only to DHCP
setting the DNS server IP, but if not then I have a question...
On 13/04/15 21:21, Paul Wouters wrote:
If you have an attacker on the last mile, there is nothing you can do.
Passive only protection against the last mile is a
Hi, all,
Then why not consider the DHCP?
DHCP can support client authentication and can be used to configure the RS key
on the authenticated client.
Do you think this will help?
Zhiwei Yan
2015-04-14
Zhiwei Yan
发件人: Daniel Migault
发送时间: 2015-04-14 07:20:47
收件人: Paul Wouters
抄送:
On Mon, 13 Apr 2015, Daniel Migault wrote:
Just for information, what are the technical reasons IPsec has not
been considered at all for providing DNS
privacy.
People can already use an IPsec VPN and a remote DNS server without
anything new from IETF?
I
On Tue, 14 Apr 2015, Zhiwei Yan wrote:
Hi, all,
Then why not consider the DHCP?
DHCP can support client authentication and can be used to configure the RS key
on the authenticated client.
Do you think this will help?
How do you know the DHCP server is not a rogue attacker?
How does the
Hi Paul,
Thanks for the response. I am just initiating a new tread to avoid mixing
conversations.
On Mon, Apr 13, 2015 at 5:44 PM, Paul Wouters p...@nohats.ca wrote:
On Mon, 13 Apr 2015, Daniel Migault wrote:
Just for information, what are the technical reasons IPsec has not been
RFC 3118 provides a scheme for this issue:
http://www.rfc-base.org/txt/rfc-3118.txt
2015-04-14
Zhiwei Yan
发件人: Paul Wouters
发送时间: 2015-04-14 11:04:58
收件人: Zhiwei Yan
抄送: dns-privacy
主题: Re: [dns-privacy] Considering DHCP
On Tue, 14 Apr 2015, Zhiwei Yan wrote:
Hi, all,
Then
[ Top post ]
What do other think here -- do we want to decide on the discovery and
binding problem first, or do we think that we should choose a document
and start working on that (and possibly add in discovery / binding
later)?
no-hats
I'd personally like to start working on a document - i
11 matches
Mail list logo