In message <[EMAIL PROTECTED]>, Mark Andrews writes:
>
> In message <[EMAIL PROTECTED]>, Pekka Savola write
> s:
> > On Fri, 14 Nov 2008, Mark Andrews wrote:
> > >> How does an application do "accept if signed and validated by DNSSEC"?
> > >
> > > You validate the CERT RRset using the technique
In message <[EMAIL PROTECTED]>, Pekka Savola writes:
> On Fri, 14 Nov 2008, Mark Andrews wrote:
> >> How does an application do "accept if signed and validated by DNSSEC"?
> >
> > You validate the CERT RRset using the techniques in RFC
> > 4033, 4034 and 4035. If the answer is "secure" th
On Fri, 14 Nov 2008, Mark Andrews wrote:
How does an application do "accept if signed and validated by DNSSEC"?
You validate the CERT RRset using the techniques in RFC
4033, 4034 and 4035. If the answer is "secure" then it was
signed and validated. You the match offere
In message <[EMAIL PROTECTED]>, Pekka Savola writes:
> On Fri, 14 Nov 2008, Mark Andrews wrote:
> > In message
> > <[EMAIL PROTECTED]>, Tony F
> > inch writes:
> >> You also need the server to provide a verifiable TLS certificate.
> >> The vast majority of them are not. This problem is perhaps
On Fri, 14 Nov 2008, Mark Andrews wrote:
In message
<[EMAIL PROTECTED]>, Tony F
inch writes:
You also need the server to provide a verifiable TLS certificate.
The vast majority of them are not. This problem is perhaps even
harder to fix than the lack of DNSSEC.
Just use DNSSEC and CE
In message <[EMAIL PROTECTED]>, Tony F
inch writes:
> You also need the server to provide a verifiable TLS certificate. The vast
> majority of them are not. This problem is perhaps even harder to fix than
> the lack of DNSSEC.
Just use DNSSEC and CERT records to do that.
If self
On Thu, 13 Nov 2008, Mark Andrews wrote:
>In message <[EMAIL PROTECTED]>, Dave CROCKER writes:
>>Mark Andrews wrote:
>>>In message <[EMAIL PROTECTED]>, Tony Finch writes:
SMTP over TLS to an MX does NOT protect against man in the middle attacks.
>>>
>>> It does when you turn on DNSSEC
>>
In message <[EMAIL PROTECTED]>, Dave CROCKER writes:
>
>
> Mark Andrews wrote:
> > In message <[EMAIL PROTECTED]>, Ton
> y Fi
> > nch writes:
> >> SMTP over TLS to an MX does NOT protect against man in the middle attacks.
> >
> > It does when you turn on DNSSEC
>
> Perhaps I'm not underst
Mark Andrews wrote:
In message <[EMAIL PROTECTED]>, Tony Fi
nch writes:
SMTP over TLS to an MX does NOT protect against man in the middle attacks.
It does when you turn on DNSSEC
Perhaps I'm not understanding, but I think you just confirmed that Tony's
statement was correct.
d/
--
In message <[EMAIL PROTECTED]>, Tony Fi
nch writes:
> On Wed, 12 Nov 2008, Mark Andrews wrote:
> >
> > It also stops the small sites being able to use cryptography to stop man
> > in the middle attacks as they are forced to insert a middle man.
> SMTP over TLS to an MX does NOT protect against ma
On Wed, 12 Nov 2008, Mark Andrews wrote:
>
> It also stops the small sites being able to use cryptography to stop man
> in the middle attacks as they are forced to insert a middle man.
SMTP over TLS to an MX does NOT protect against man in the middle attacks.
Tony.
--
f.anthony.n.finch <[EMAIL
On Tue, Nov 11, 2008 at 02:57:32PM -0800, Randy Presuhn wrote:
> This may be due to misuse of DNSxL technology or other reputation
> systems, but if this small sample is any indication of the
> extent to which the technology is being used inappropriately
> or incorrectly, it suggests that significa
On 11/12/08 1:03 AM, Dave CROCKER wrote:
Why?
What are the specific aspects of this specification that fail to
qualify for Proposed Standard?
This is precisely what I want to know.
What changes to the specification will fix these deficiencies?
What he said.
Eliot
Randy Presuhn wrote:
"Informational" makes sense to me at this time.
Why?
What are the specific aspects of this specification that fail to qualify for
Proposed Standard?
What changes to the specification will fix these deficiencies?
d/
--
Dave Crocker
Brandenburg InternetWorking
In message <[EMAIL PROTECTED]
>, Jonathan Curtis writes:
>
> 2. The impact of DNSxL's when applied on Inbound Email Servers is significant
> with very little collateral damage. A good estimate is that over 70% of all sp
> am email is prevented by the application of DNSxBL's, sparing many service
Hi -
> From: "Jonathan Curtis" <[EMAIL PROTECTED]>
> To:
> Sent: Tuesday, November 11, 2008 12:49 PM
> Subject: Comments on Draft IRTF ASRG DNSBL - 07
...
> 2. The impact of DNSxL's when applied on Inbound Email Servers
> is significant with very litt
Having spent 13 years managing abuse (Spam/Phishing/Botnets) within a large ISP
organization, 5 to 6 years in a leadership position of the Messaging Anti-Abuse
Working Group and active member of the Canadian National Cyber-Forensics
Training Alliance, I can say that DNSxL's are a critical part
17 matches
Mail list logo