Hiya, On 10/01/18 16:04, Adam Roach wrote: > On 1/9/18 9:01 PM, Mark Nottingham wrote: >> Hi Adam, >> >>> On 10 Jan 2018, at 12:34 pm, Adam Roach <adam@nostrum.com> wrote: >>> >>> This seems a good mechanism overall. The security property of no longer >>> requiring DNS checks seems a slight bit troublesome, as it (as the draft >>> acknowledges) makes mounting an attack significantly easier: all that is >>> required is exploiting a CA, rather than the two-step process of >>> doing that >>> plus hijacking DNS in some way. Was there consideration given to >>> advising that >>> implementations perform DNS checks after the fact? This would provide >>> the >>> latency benefits this mechanism is defined for while allowing at >>> least for >>> detection of origin hijacking. >> Not specifically. > > Given that Mistakes Do Happen[1][2][3][4][5][6][7][8][9][10], it seems > it probably should have been. I believe the document needs a bit more > treatment of this issue before it moves forward. > Just want to check a thing - if one added some DNS check, am I right that any privacy benefit of the ORIGIN frame might then be lost? If so, maybe this is more of a trade-off? If not, then maybe I'm just as confused as usual;-) S.
Received on Wednesday, 10 January 2018 17:26:12 UTC