On 03/10/2013 09:56 PM, Michael Orlitzky wrote:
> On 03/10/2013 06:00 PM, Michael Mol wrote:
>>>
>>> It's been ages since I looked at that link and longer addresses 
>>> would certainly be needed anyway but certainly with DNSSEC again 
>>> concocted by costly unthoughtful and unengaging groups who chose
>>> to ignore DJB and enable amplification attacks.
> 
>> What from DJB did they ignore? I honestly don't know what you're
>> talking about.
> 
> 
> This was a non-sequitur as far as I can tell, but I remember the
> amplification attack from a talk:
> 
>   http://vimeo.com/18279777 (video)
>   http://cr.yp.to/talks/2010.12.28/slides.pdf (slides)
> 
> It was a really good talk, however you feel about DJB.
> 
> 

Didn't watch the video, but I did read the slide deck. It's a good read,
even if I disagree with a number of key points, disagree with the tack
taken as a solution, and further think the presenter cherry-picked his
arguments, amplified inconsequential pieces of the problem space and
skipped over obvious problems with his approach. (Hm. I suspect I'm
formulating an opinion on DJB, and I didn't have one a couple hours
ago...) (That said, he does seem to know how to use slide decks properly!)


I believe Kevin's position is that, while I cited "secure your DNS" in
response to some of the arguments raised by a slide deck he linked to,
"securing your DNS" would likely involve using DNSSEC, which DJB argues
enable amplification attacks.