| 1 |
On 03/10/2013 09:56 PM, Michael Orlitzky wrote: |
| 2 |
> On 03/10/2013 06:00 PM, Michael Mol wrote: |
| 3 |
>>> |
| 4 |
>>> It's been ages since I looked at that link and longer addresses |
| 5 |
>>> would certainly be needed anyway but certainly with DNSSEC again |
| 6 |
>>> concocted by costly unthoughtful and unengaging groups who chose |
| 7 |
>>> to ignore DJB and enable amplification attacks. |
| 8 |
> |
| 9 |
>> What from DJB did they ignore? I honestly don't know what you're |
| 10 |
>> talking about. |
| 11 |
> |
| 12 |
> |
| 13 |
> This was a non-sequitur as far as I can tell, but I remember the |
| 14 |
> amplification attack from a talk: |
| 15 |
> |
| 16 |
> http://vimeo.com/18279777 (video) |
| 17 |
> http://cr.yp.to/talks/2010.12.28/slides.pdf (slides) |
| 18 |
> |
| 19 |
> It was a really good talk, however you feel about DJB. |
| 20 |
> |
| 21 |
> |
| 22 |
|
| 23 |
Didn't watch the video, but I did read the slide deck. It's a good read, |
| 24 |
even if I disagree with a number of key points, disagree with the tack |
| 25 |
taken as a solution, and further think the presenter cherry-picked his |
| 26 |
arguments, amplified inconsequential pieces of the problem space and |
| 27 |
skipped over obvious problems with his approach. (Hm. I suspect I'm |
| 28 |
formulating an opinion on DJB, and I didn't have one a couple hours |
| 29 |
ago...) (That said, he does seem to know how to use slide decks properly!) |
| 30 |
|
| 31 |
|
| 32 |
I believe Kevin's position is that, while I cited "secure your DNS" in |
| 33 |
response to some of the arguments raised by a slide deck he linked to, |
| 34 |
"securing your DNS" would likely involve using DNSSEC, which DJB argues |
| 35 |
enable amplification attacks. |
Archives