On Sun, 17 Aug 2008, Ted Lemon wrote:

> On Aug 17, 2008, at 9:24 AM, Dean Anderson wrote:
> > Changing DNS doesn't eliminate the attack of misplaced trust. It
> > merely eliminates one method we know of for accomplishing the
> > attack, at great expense and great risk, I might add.
>
> You may not add that unless you are willing to justify the assertion,
> which thus far you have not done.

Changing DNS protocol is considered by many to be expensive and risky. Are you saying it's not expensive or risky? That seems to be a far more bold assertion.

> And if you argue that we shouldn't close the DNS hole, your argument
> applies equally to these problems. Are you arguing that we shouldn't
> address them either?

It may well be impossible to close the problems of cross-site scripting and JavaScript viruses. However, misplaced trust attacks can only be avoided by preventing the sending of trusted information to untrusted sites. Solve this problem correctly (which is entirely doable) and none of these attacks will be effective at obtaining trusted information. Changing DNS protocol is not necessary to prevent misplaced trust attacks.

--Dean

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000