In message <201010211458.o9LEw8Ta020687@xxxxxxxxxxxxxxxxxxx>, Martin Rex writes:
> >
> > On Wed, Oct 20, 2010 at 9:55 PM, Mark Andrews <marka@xxxxxxx> wrote:
> > >
> > > The DNS is not just name to address translation.
>
> It doesn't really matter what DNS translates, all translations
> are equally untrusted.

Actually it's not these days. I can trust some answers from the DNS
more than other answers from the DNS.

> The architecture of the internet is based on good faith and best effort.
> DNS is _no_ different.
>
> What we're fighting about is probably not what exactly DNSSEC is
> about, but how we define the meaning of "trusted". A lot of folks
> seem to argue based on the assumption "faith" == "trust".

I can trust that some answers have not been tampered with in transit,
others I can't. Whether the original data was "good" or not is
another question. I need to also make a decision about whether to
trust that data or not but I can't do that as safely without first
knowing that it hasn't been tampered with in transit.

For email we can eliminate MITM interception attacks now that we
have DNSSEC. The answers to the MX, A and AAAA lookups can now be
secured. This gives you an MX record (explicit or implicit) which is
reasonable to trust. From that you know who you are supposed to be
talking to and what CERT should be presented in response to STARTTLS.

The only thing missing is a way to say that you should expect to
have STARTTLS offered to you when you make the SMTP connection. A
simple solution to that would be to have an SMX (Secure MX) record
which is otherwise identical to an MX record but indicates that
STARTTLS is offered by the mail exchangers for this mail domain.

Even without SMX you have stopped redirection by returning fake MX
RRsets or fake A / AAAA records. You now need to redirect/intercept
the TCP connections. You have made the job of intercepting email
harder.

> > > > If you want to authenticate your peer, use something like an SSH host
> > > > key.
> > >
> > > And how do you know you should trust the host key the remote machine
> > > presents?
>
> Use whatever you feel comfortable with. Out-of-band pen&paper.
> Leap-of-faith on initial encounter.
>
> What do you do yourself when you meet some person for the first time?
> Do you ask them for their passport or legal ID-card (not that it would
> make much of a difference)? And what do you do on repeated encounter?

It depends on what my relationship with them will be.

> The traditional human concept of "trust" between persons is
> a combination of "leap-of-faith on initial encounter" with non-negative
> experience and getting accustomed to sensoric input patterns to some
> of the other person's biometrics (which requires memorizing those patterns).
>
> And both, evolution and every day life shows us that collecting memories
> about previous encounters can help us to significantly reduce our
> susceptibility to impersonation.

We also have introductions. People also read body language etc.,
none of which is available digitally.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
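
The sender-side policy discussed in the message above, as an added example that is not part of the original post or of any project's code: what a sending MTA can enforce once the MX RRset is DNSSEC-secure, and what the proposed SMX record would add. SMX is the hypothetical record type from the message; the class and function names, the returned action strings and the example.net hosts are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MxAnswer:
    rrtype: str            # "MX", or "SMX" (record type proposed in the message; hypothetical)
    exchangers: list       # mail exchanger host names from the RRset
    dnssec_secure: bool    # True when the validating resolver reports the RRset as secure

@dataclass
class SmtpSession:
    ehlo_extensions: set                           # extensions the server advertised in EHLO
    cert_names: set = field(default_factory=set)   # DNS names in the cert seen after STARTTLS

def delivery_decision(answer, host, session):
    """Return the sender's action for one connection to `host` (assumed policy, not a standard)."""
    host = host.lower().rstrip(".")
    exchangers = {x.lower().rstrip(".") for x in answer.exchangers}
    offered = "STARTTLS" in {e.upper() for e in session.ehlo_extensions}
    if not answer.dnssec_secure:
        # Unsigned answer: the exchanger name may be forged, so nothing can be enforced.
        return "opportunistic"
    if host not in exchangers:
        return "refuse:not-an-exchanger"
    if not offered:
        # Only SMX tells the sender that a missing STARTTLS means it was stripped in transit.
        return "refuse:starttls-stripped" if answer.rrtype == "SMX" else "deliver-cleartext"
    # The secure RRset names the peer, so the certificate must be for that name.
    # Exact match only; wildcard names are not matched here.
    if host not in {n.lower().rstrip(".") for n in session.cert_names}:
        return "refuse:certificate-mismatch"
    return "deliver-tls"

# Constructed sample data (example.net and .invalid hosts are placeholders).
SECURE_MX = MxAnswer("MX", ["mx1.example.net."], True)
SECURE_SMX = MxAnswer("SMX", ["mx1.example.net."], True)
UNSIGNED_MX = MxAnswer("MX", ["mx1.example.net."], False)
TLS_OK = SmtpSession({"PIPELINING", "STARTTLS"}, {"mx1.example.net"})
STRIPPED = SmtpSession({"PIPELINING"})
WRONG_CERT = SmtpSession({"STARTTLS"}, {"mail.other.invalid"})

if __name__ == "__main__":
    for ans, sess in [(SECURE_MX, TLS_OK), (SECURE_MX, STRIPPED), (SECURE_SMX, STRIPPED),
                      (SECURE_MX, WRONG_CERT), (UNSIGNED_MX, TLS_OK)]:
        print(ans.rrtype, ans.dnssec_secure, "->", delivery_decision(ans, "mx1.example.net", sess))
```

With a secure plain MX, a session that lacks STARTTLS is indistinguishable from a server that never offered it, which is the gap the SMX proposal addresses.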