[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trouble with Sender Authentication

To: John Levine <johnl@xxxxxxxx>
Subject: Re: Trouble with Sender Authentication
From: Douglas Otis <dotis@xxxxxxxxxxxxxx>
Date: Fri, 10 Nov 2006 08:58:33 -0800
Cc: ietf-mxcomp@xxxxxxx
In-reply-to: <20061110052408.5482.qmail@xxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-mxcomp/mail-archive/>
List-id: <ietf-mxcomp.imc.org>
List-unsubscribe: <mailto:ietf-mxcomp-request@imc.org?body=unsubscribe>
References: <20061110052408.5482.qmail@xxxxxxxxxxxxxxx>
Sender: owner-ietf-mxcomp@xxxxxxxxxxxx



On Nov 9, 2006, at 9:24 PM, John Levine wrote:

Could someone kindly point me to workable CSV library so that Icould provide Doug with an example of using CSV to generatehighier amount of amplification than his assertions about SPF?
It'll be a challenge. CSV is a single DNS query per message, sothe only things you get to use for amplification are delegation andCNAMEs.
I do agree that the DNS threat from SPF is not qualitatively worsethan what we already put up with for CNAMEs.

Chaining CNAMEs does not offer the same distributed attack. CNAMEchaining uses resources of the attacker. While CNAMEs can be aproblem, they represent a threat than can be identified and handledby the affected party. The SPF attack can not be identified andthere is no defense possible. I would call that a qualitativedifference.


-Doug

References:
- Re: Trouble with Sender Authentication
  - From: John Levine

Prev by Date: Interesting (ab)uses of DNS (was: Trouble with Sender Authentication)
Next by Date: Re: Trouble with Sender Authentication
Previous by thread: Re: Trouble with Sender Authentication
Next by thread: Re: Trouble with Sender Authentication
Index(es):
- Date
- Thread