cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: samj AT samj.net
- To: "Philipp Guehring" <philipp AT cacert.org>
- Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>
- Subject: Re: [Cacert-sysadm] CAcert email address snafu
- Date: Mon, 18 Aug 2008 01:20:59 +0200
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
On 8/17/08, Philipp Guehring
<philipp AT cacert.org>
wrote:
> Hi,
>> interesting to see you aleady went through much of the process I just
>> did about adding DNS services etc. And came to the same conclusions.
>>
>> Actually registrars like .se are finding they can charge more for
>> secured domains, which is both good and bad for adoption.
>>
> Do they provide whois over SSL for secured domains?
Secured == DNSSEC
>> I guess encrypting the probes is useless if they already have to log
>> in to respond to one, as they should.
>>
> Well, it helps for privacy, but it is unlikely that it helps for security.
>> Sampling the DNS from multiple points would help without imposing
>> delay
> Yes, I think we should implement that.
> Can anyone implement a whois and DNS proxy service, that
> does not do any caching and checks for coherence?
>> and randomly delaying the probe would too, while also slowing
>> down attacks
> How long would you delay those probes? Seconds? Minutes? Hours? Days? Weeks?
> What's the exact threat-scenario that the delays help against?
DNS attacks often rely on knowing when a query will be done so
delaying it even seconds should help. The other one is where I walk
into your office while you fetch a coffee and use the window to
respond to a probe, this hijacking your address. Delaying the probe
will slow you down, but you could always just visit in advance and set
up a filter.
>> involving intermittent access to a victim's email, but it
>> affects the user experience and could probably be foiled by filters.
>>
> Yes.
>
> Best regards,
> Philipp GÜhring
>
- Re: [Cacert-sysadm] CAcert email address snafu, (continued)
- Re: [Cacert-sysadm] CAcert email address snafu, Philipp Gühring, 08/10/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Guillaume ROMAGNY - CAcert support, 08/10/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Teus Hagen, 08/11/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/11/2008
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/11/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/11/2008
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/12/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/12/2008
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/12/2008
- Message not available
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/17/2008
- Message not available
- Re: [Cacert-sysadm] CAcert email address snafu, samj, 08/17/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Philipp Gühring, 08/10/2008
- Message not available
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/18/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/19/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/19/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/20/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/22/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/22/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/28/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/28/2008
- Re: [Cacert-sysadm] CAcert email address snafu, IanG, 08/29/2008
- Re: [Cacert-sysadm] CAcert email address snafu, Sam Johnston, 08/29/2008
Archive powered by MHonArc 2.6.16.