Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

Tue, 16 Jul 2019 17:11:13 -0700 

Hi Tommy,

I also noticed that your email client rewrote the link to "The Register", a
site that everyone knows, which then linked to NY Times, etc.

It used the domain "nam06.safelinks.protection.outlook.com". Why would that
domain be necessary if DNS-based security worked?

thanks,
Rob


On Tue, Jul 16, 2019 at 10:32 AM Rob Sayre <say...@gmail.com> wrote:

>
>
> On Tue, Jul 16, 2019 at 10:20 AM Tommy Jensen <jensen.tho...@microsoft.com>
> wrote:
>
>> The link you shared indicates the problem is RC4, which was removed from
>> TLS in 1.3 for this very reason. This doesn’t demonstrate TLS 1.3 is
>> vulnerable; it demonstrates why adopting TLS 1.3 is so important.
>>
>
> Yeah, that's one part of it, but some of the other approaches described
> are more general.
>
> thanks,
> Rob
>
>
>
>>
>> Thanks,
>> Tommy
>> ------------------------------
>> *From:* DNSOP <dnsop-boun...@ietf.org> on behalf of Rob Sayre <
>> say...@gmail.com>
>> *Sent:* Tuesday, July 16, 2019 8:46:42 AM
>> *To:* Eric Rescorla <e...@rtfm.com>
>> *Cc:* dnsop WG <dnsop@ietf.org>; Paul Vixie <p...@redbarn.org>
>> *Subject:* Re: [DNSOP] Fwd: [Add] new draft:
>> draft-grover-add-policy-detection-00
>>
>> On Tue, Jul 16, 2019 at 6:41 AM Eric Rescorla <e...@rtfm.com> wrote:
>>
>>
>>
>> The certs are public information, so having the certs isn't useful. Can
>> you please be clearer about the attack you are describing?
>>
>>
>> Sure, here's an article about it:
>> <
>> https://www.theregister.co.uk/2013/09/06/nsa_cryptobreaking_bullrun_analysis/
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww..theregister.co.uk%2F2013%2F09%2F06%2Fnsa_cryptobreaking_bullrun_analysis%2F&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C496a0b49339349ac921308d70a04e0de%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636988888386522988&sdata=SbICd7%2FtkDlhh1zyusjw75CRgg6KHhbpzH0Efn%2BoBew%3D&reserved=0>
>> >
>>
>> Do you have any thoughts on that?
>>
>> thanks,
>> Rob
>>
>

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to