nanog mailing list archives
Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking
From: Måns Nilsson <mansaxel () besserwisser org>
Date: Wed, 27 Feb 2019 17:13:28 +0100
Subject: RE: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Date: Wed, Feb 27, 2019 at 10:17:22AM -0500 Quoting Eric Tykwinski (eric-list () truenet com):
Nah, you know, that won't happen any time soon. Mozilla is busy doing other, more important things, like streaming all of the users' DNS queries to Cloudflare, etc. The plain old security doesn't count anymore. -- TömaThis was sort of discussed awhile ago: Adam Langley: https://www.imperialviolet.org/2015/01/17/notdane.html
Calling TXT or DANE non-standard is a remarkable statement. Smells of the deeply flawed reasoning that brought us the festering pile of defaitism that is RFC 7208.[0] As I wrote a few messages upthread, the user can not expect the network to be trustworthy, and still, we who run the network would very much like their business. So, what we must constantly strive for is maximum transparency, carrying as much of the Internet experienc, good or bad, to the end user. Or, more terse: "Middleboxes are bad for you." -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE SA0XLR +46 705 989668 I demand IMPUNITY! [0] This document tries to deprecate RRTYPE 99 for SPF. By stating that only TXT records can be trusted. Apparently, it is possible to decide on the fly which RRtypes are possible to query for, depending on the argument.
Attachment:
signature.asc
Description:
Current thread:
- Re: A Deep Dive on the Recent Widespread DNS Hijacking, (continued)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
- Message not available
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking bzs (Feb 26)
- Re: A Deep Dive on the Recent Widespread DNS Hijacking Bill Woodcock (Feb 26)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 26)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Julien Goodwin (Feb 26)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mike via NANOG (Feb 27)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Töma Gavrichenkov (Feb 27)
- RE: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Eric Tykwinski (Feb 27)
- Re: DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Måns Nilsson (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John Levine (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Måns Nilsson (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John R. Levine (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking John R. Levine (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mark Andrews (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking bzs (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Seth Mattinen (Feb 27)
- Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking Mike Meredith (Feb 28)