1 |
On 03/10/2013 09:56 PM, Michael Orlitzky wrote: |
2 |
> On 03/10/2013 06:00 PM, Michael Mol wrote: |
3 |
>>> |
4 |
>>> It's been ages since I looked at that link and longer addresses |
5 |
>>> would certainly be needed anyway but certainly with DNSSEC again |
6 |
>>> concocted by costly unthoughtful and unengaging groups who chose |
7 |
>>> to ignore DJB and enable amplification attacks. |
8 |
> |
9 |
>> What from DJB did they ignore? I honestly don't know what you're |
10 |
>> talking about. |
11 |
> |
12 |
> |
13 |
> This was a non-sequitur as far as I can tell, but I remember the |
14 |
> amplification attack from a talk: |
15 |
> |
16 |
> http://vimeo.com/18279777 (video) |
17 |
> http://cr.yp.to/talks/2010.12.28/slides.pdf (slides) |
18 |
> |
19 |
> It was a really good talk, however you feel about DJB. |
20 |
> |
21 |
> |
22 |
|
23 |
Didn't watch the video, but I did read the slide deck. It's a good read, |
24 |
even if I disagree with a number of key points, disagree with the tack |
25 |
taken as a solution, and further think the presenter cherry-picked his |
26 |
arguments, amplified inconsequential pieces of the problem space and |
27 |
skipped over obvious problems with his approach. (Hm. I suspect I'm |
28 |
formulating an opinion on DJB, and I didn't have one a couple hours |
29 |
ago...) (That said, he does seem to know how to use slide decks properly!) |
30 |
|
31 |
|
32 |
I believe Kevin's position is that, while I cited "secure your DNS" in |
33 |
response to some of the arguments raised by a slide deck he linked to, |
34 |
"securing your DNS" would likely involve using DNSSEC, which DJB argues |
35 |
enable amplification attacks. |