Re: IETF: Goal & resolving discussion for this evening.

[Dan Massey <masseyd@isi.edu>]

Hi,

Since possible topics are being discussed, I'd like to suggest that
we consider some threats in more detail.  Groups of people have
discovered "interesting" things when discussing specific DNSSEC
deployment scenarios.  I'd like to discuss some specific attack
scenarios and try to illustrate how DNSSEC would (or would not) help.
I suspect we would learn some things about DNSSEC.  Also, it might be 
better to air this in the dnssec group so we don't inadvertently create 
a how to attack DNS tutorial...

If you think this would be useful, can you think of specific threat 
that DNSSEC will (or will not) counter?  Are you willing to explain
how DNSSEC does it and why DNSSEC is the best way to counter this
threat?  

For example, suppose someone is running dnsspoof on the wireless
network.  Assuming DNSSEC was deployed, what is a scenario where we
would we gain something with DNSSEC?  Is this gain worthwhile and why
is DNSSEC the best way to achieve this gain?

Dan

On Tuesday, August 07, 2001 at 06:15AM, Ed Lewis wrote:
| At 5:53 AM -0400 8/7/01, Russ Mundy wrote:
| >thursday dnsext meeting.  Since we'll be meeting after dnsop WG mtg, things
| >related to that group should be posted on the dnsop mail list.
| 
| To clarify on schedule - the DNSOP ends at 1645 and there is a session from
| 1700-1800.  We meet at 1830.
| 
| Also, I do agree that this type of discussion is off-topic for the status
| meeting but it is a good discussion to have while we are here.
| 
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Edward Lewis                                                NAI Labs
| Phone: +1 443-259-2352                      Email: lewis@tislabs.com
| 
| You fly too often when ... the airport taxi is on speed-dial.
| 
| Opinions expressed are property of my evil twin, not my employer.
|