Re: Fisking vs Top-Posting

2010-09-24 Thread Tony Finch
On Fri, 24 Sep 2010, Sabahattin Gucukoglu wrote: > > Just out of curiosity, where did you get confirmation that Apple Mail > behaves the way it does for the reason it does? Can't remember, sorry. Tony. -- f.anthony.n.finchhttp://dotat.at/ HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WES

DNS spoofing at captive portals

2010-09-24 Thread Michael Richardson
Has the IETF (or rather then IAB) written any simple documents that explain to less informed (i.e. marketing/product) managers why it is a bad thing for a captive portal to spoof DNS replies? (not just in regard to DNSSEC, but also in regards to just caching) -- ] He who is tired of Weird

Re: Fisking vs Top-Posting

2010-09-24 Thread John C Klensin
--On Thursday, September 23, 2010 10:43 -0700 Randy Dunlap wrote: >... >> the same people also complain when I trim. >> >> So its a combination of pathological behaviours, UI, and >> dominance behaviour > > That should just be a function of where the UI software > positions the cursor, should

Re: Fisking vs Top-Posting

2010-09-24 Thread Randy Dunlap
On Fri, 24 Sep 2010 09:09:08 -0400 John C Klensin wrote: > > > --On Thursday, September 23, 2010 10:43 -0700 Randy Dunlap > wrote: > > >... > >> the same people also complain when I trim. > >> > >> So its a combination of pathological behaviours, UI, and > >> dominance behaviour > > > > That

Posting Placement (was Re: Fisking vs Top-Posting)

2010-09-24 Thread Joel M. Halpern
I tend to assume that people write emails the way they would like to read them. Thus, if I am writing an email with a lot of detailed context from a previous message, I include the revelant portions of the message, and reply in line. However, when I am writing A reply that does not require d

Re: [certid] Why require EKU for certid?

2010-09-24 Thread Henry B. Hotz
On Sep 22, 2010, at 9:44 AM, Paul Hoffman wrote: > At 10:21 AM -0600 9/22/10, Peter Saint-Andre wrote: >> On 9/14/10 12:51 AM, Stefan Santesson wrote: >>> General: >>> I would consider stating that server certificates according to this profile >>> either MUST or SHOULD have the serverAuth EKU set

Re: [TLS] [certid] [secdir] secdir review of draft-saintandre-tls-server-id-check-09

2010-09-24 Thread Marsh Ray
On 09/23/2010 01:10 PM, Richard L. Barnes wrote: There is no black magic here, only the magic of the TLS server_name extension. If the client provides server_name=gmail.com, the server provides a gmail.com cert, otherwise it defaults to mail.google.com. Your browser is following two secure deleg

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread Alfred Hönes
At Fri, 24 Sep 2010 07:21:21 -0400, Michael Richardson wrote: > Has the IETF (or rather then IAB) written any simple documents that > explain to less informed (i.e. marketing/product) managers why it > is a bad thing for a captive portal to spoof DNS replies? > (not just in regard to DNSSEC, but

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread Richard L. Barnes
This document is probably relevant, although it goes the route of "providing guidelines for minimum breakage" rather than forbidding. On Sep 24, 2010, at 8:38 AM, Alfred HÎnes wrote: At Fri, 24 Sep 2010 07:21:21 -0400, Michael Ric

Re: Posting Placement (was Re: Fisking vs Top-Posting)

2010-09-24 Thread Marshall Eubanks
On Sep 24, 2010, at 11:36 AM, Joel M. Halpern wrote: > I tend to assume that people write emails the way they would like to read > them. > > Thus, if I am writing an email with a lot of detailed context from a previous > message, I include the revelant portions of the message, and reply in lin

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread Livingood, Jason
>> >> c) draft-livingood-dns-redirect and draft-livingood-dns-malwareprotect draft-livingood-dns-malwareprotect concerns what is primarily an opt-in service to block known malware sites for end users. Hopefully that is less controversial than the redirect one, but who knows. draft-livingood-dns

Re: Fisking vs Top-Posting

2010-09-24 Thread Tony Finch
On Fri, 24 Sep 2010, John C Klensin wrote: > > FWIW, the thing that really irritates me is having someone respond to a > message after quoting only a few lines (often good) but without > supplying some clue that permits me to find the message being replied to > if needed. [...] or even using a goo

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread Paul Hoffman
At 6:18 PM + 9/24/10, Livingood, Jason wrote: >I'm a bit conflicted >though about whether to keep it as informational or consider historic. If it describes something that you believe is currently deployed, even if you think that deployment is non-optimal, it should be marked as Informational.

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread Keith Moore
On Sep 24, 2010, at 8:38 AM, Alfred HÎnes wrote: > At Fri, 24 Sep 2010 07:21:21 -0400, Michael Richardson wrote: > >> Has the IETF (or rather then IAB) written any simple documents that >> explain to less informed (i.e. marketing/product) managers why it >> is a bad thing for a captive portal t

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread John Levine
>IANAL but would think that such practice should expose the operator >of the server or proxy to civil and/or criminal action, both from the >operators of the zones whose RRs are being misrepresented, and from >the users' whose applications are affected. I'm not a lawyer either, but I at least know

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread Steven Bellovin
On Sep 24, 2010, at 5:17 19PM, John Levine wrote: >> IANAL but would think that such practice should expose the operator >> of the server or proxy to civil and/or criminal action, both from the >> operators of the zones whose RRs are being misrepresented, and from >> the users' whose applications

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread John R. Levine
It will be interesting to see what will happen to these "services" when DNSSEC is used more widely. Plan A: few consumers will use DNSSEC between their PCs and the ISP's resolver, so they won't notice. Plan B: consumers will observe that malicious impersonation of far away DNS servers is ra

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread John Levine
>Plan A: few consumers will use DNSSEC between their PCs and the ISP's >resolver, so they won't notice. > >Plan B: consumers will observe that malicious impersonation of far away >DNS servers is rare and exotic, but malware spam arrives hourly, so they >will make a rational tradeoff, take their

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread bill manning
On 24September2010Friday, at 17:16, John Levine wrote: >> Plan A: few consumers will use DNSSEC between their PCs and the ISP's >> resolver, so they won't notice. >> >> Plan B: consumers will observe that malicious impersonation of far away >> DNS servers is rare and exotic, but malware spam a

Re: Fisking vs Top-Posting

2010-09-24 Thread John C Klensin
--On Friday, September 24, 2010 08:17 -0700 Randy Dunlap wrote: > One thing that bothers me is when people do mixed-line posting > but end their reply say, < 50% thru the message, but then they > don't delete the rest of the message, so the reader has to scan > the rest of the message to see if

Re: [ietf] DNS spoofing at captive portals

2010-09-24 Thread John R. Levine
presuming your statement about an inversion of the stated trust model is correct, can we dereference "friendly" and "hostile" to whom? Who makes that assessment and who/what defines the tools to implement a trust policy? Those are all excellent questions, and if I had good answers I would an

Re: Fisking vs Top-Posting

2010-09-24 Thread Michael Richardson
> "Tony" == Tony Finch writes: Tony> On Fri, 24 Sep 2010, John C Klensin wrote: >> FWIW, the thing that really irritates me is having someone >> respond to a message after quoting only a few lines (often good) >> but without supplying some clue that permits me to find the