On 03/10/2013 09:56 PM, Michael Orlitzky wrote: > On 03/10/2013 06:00 PM, Michael Mol wrote: >>> >>> It's been ages since I looked at that link and longer addresses >>> would certainly be needed anyway but certainly with DNSSEC again >>> concocted by costly unthoughtful and unengaging groups who chose >>> to ignore DJB and enable amplification attacks. > >> What from DJB did they ignore? I honestly don't know what you're >> talking about. > > > This was a non-sequitur as far as I can tell, but I remember the > amplification attack from a talk: > > http://vimeo.com/18279777 (video) > http://cr.yp.to/talks/2010.12.28/slides.pdf (slides) > > It was a really good talk, however you feel about DJB. > >
Didn't watch the video, but I did read the slide deck. It's a good read, even if I disagree with a number of key points, disagree with the tack taken as a solution, and further think the presenter cherry-picked his arguments, amplified inconsequential pieces of the problem space and skipped over obvious problems with his approach. (Hm. I suspect I'm formulating an opinion on DJB, and I didn't have one a couple hours ago...) (That said, he does seem to know how to use slide decks properly!) I believe Kevin's position is that, while I cited "secure your DNS" in response to some of the arguments raised by a slide deck he linked to, "securing your DNS" would likely involve using DNSSEC, which DJB argues enable amplification attacks.
signature.asc
Description: OpenPGP digital signature
