Re: Heuristics are not security

2014-02-24 Thread Wietse Venema
Dirk St?cker: > On Mon, 24 Feb 2014, Wietse Venema wrote: > > > The absence of observed variation does not mean nothing of relevance > > has changed, and the presence of benign observed changes drowns out > > the malicious ones, assuming that the malicious party is stupid > > enough to reveal itse

THREAD CLOSED: Heuristics are not security

2014-02-24 Thread Viktor Dukhovni
On Mon, Feb 24, 2014 at 06:35:43PM +0100, Dirk St?cker wrote: > >The absence of observed variation does not mean nothing of relevance > >has changed, and the presence of benign observed changes drowns out > >the malicious ones, assuming that the malicious party is stupid > >enough to reveal itself

Re: Heuristics are not security

2014-02-24 Thread Dirk Stöcker
On Mon, 24 Feb 2014, Wietse Venema wrote: The absence of observed variation does not mean nothing of relevance has changed, and the presence of benign observed changes drowns out the malicious ones, assuming that the malicious party is stupid enough to reveal itself. Well, if the only output o

Heuristics are not security (was: TLS client logging PATCH)

2014-02-24 Thread Wietse Venema
Dirk St?cker: > >> 5) with a trusted cert matching the hostname + hostname == reverse DNS > > > > This is even more meaningless. > > It is an additional level of security. Only a very small bit, yes, but it PLEASE DO NOT call this "security". This stuff is weaker than spam filter heuristics, an