From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E67A0198005 for ; Mon, 11 Mar 2013 02:33:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 08506E07A0; Mon, 11 Mar 2013 02:33:52 +0000 (UTC) Received: from mail-oa0-f45.google.com (mail-oa0-f45.google.com [209.85.219.45]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A9A72E06EE for ; Mon, 11 Mar 2013 02:33:50 +0000 (UTC) Received: by mail-oa0-f45.google.com with SMTP id o6so4062218oag.32 for ; Sun, 10 Mar 2013 19:33:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; bh=BQxLhARtozwCYC4Jl/QQ71kXPbHcALCBQsvLN6Hgvoc=; b=r2urp6GMR/5vOhOAGh8UO2Y+ZgYX0RJ43k+20+wuWr+679rUkCcKbrcj8VPZHw0J1b aDespXPKyRTJ8RS4e5Zbg2Ms1ymITwEx+eeNEkN5LCIzMOga42A5bFJRI7acXeDiaf+o 7YV0YRqT3gQlzxzB0/16NYU78ZR6mQf6PmaF0vZlDLaiStzAl1/j5+zDEjOR6VhiDqWd VCEMjWPRkmgOtdYu/lh5OYtDGapwwOTvBP8T8hoXbEAKGicyyees2r3XiHN/8ha7bJWp JBYIT3AHl71vuSvhV1rHw9xakVY+TRiv9or/kmFQfnhWjHcz3R9H1v6obLe63O3g2Pdu 0AYw== X-Received: by 10.182.12.6 with SMTP id u6mr7270377obb.3.1362969229691; Sun, 10 Mar 2013 19:33:49 -0700 (PDT) Received: from ?IPv6:2001:5c0:1400:a::1b9? ([2001:5c0:1400:a::1b9]) by mx.google.com with ESMTPS id v8sm16252819oea.4.2013.03.10.19.33.47 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 10 Mar 2013 19:33:48 -0700 (PDT) Message-ID: <513D4286.6050609@gmail.com> Date: Sun, 10 Mar 2013 22:33:42 -0400 From: Michael Mol User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130222 Thunderbird/17.0.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [Bulk] Re: [gentoo-user] /etc/hosts include file? References: <51391398.1030100@gmail.com> <513930FF.6030003@gmail.com> <5139A21E.8060201@gmail.com> <5139EA4D.1000606@gmail.com> <5139ED7C.3030708@gmail.com> <263693.5416.bm@smtp197.mail.ir2.yahoo.com> <513A423D.3080900@gmail.com> <293639.72773.bm@smtp143.mail.ird.yahoo.com> <20130309001343.GB25016@waltdnes.org> <572473.5465.bm@smtp177.mail.ir2.yahoo.com> <513AAA9D.60806@gmail.com> <205134.5515.bm@smtp151.mail.ir2.yahoo.com> <513D028F.9090005@gmail.com> <513D39E4.8030909@orlitzky.com> In-Reply-To: <513D39E4.8030909@orlitzky.com> X-Enigmail-Version: 1.5 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2FSBAHGHMUFWEXAXWLOAK" X-Archives-Salt: 02071c09-2cba-4f5b-a271-cb55d3af3b85 X-Archives-Hash: 43e8969cb9b2894b68979d90a331a285 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2FSBAHGHMUFWEXAXWLOAK Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 03/10/2013 09:56 PM, Michael Orlitzky wrote: > On 03/10/2013 06:00 PM, Michael Mol wrote: >>> >>> It's been ages since I looked at that link and longer addresses=20 >>> would certainly be needed anyway but certainly with DNSSEC again=20 >>> concocted by costly unthoughtful and unengaging groups who chose >>> to ignore DJB and enable amplification attacks. >=20 >> What from DJB did they ignore? I honestly don't know what you're >> talking about. >=20 >=20 > This was a non-sequitur as far as I can tell, but I remember the > amplification attack from a talk: >=20 > http://vimeo.com/18279777 (video) > http://cr.yp.to/talks/2010.12.28/slides.pdf (slides) >=20 > It was a really good talk, however you feel about DJB. >=20 >=20 Didn't watch the video, but I did read the slide deck. It's a good read, even if I disagree with a number of key points, disagree with the tack taken as a solution, and further think the presenter cherry-picked his arguments, amplified inconsequential pieces of the problem space and skipped over obvious problems with his approach. (Hm. I suspect I'm formulating an opinion on DJB, and I didn't have one a couple hours ago...) (That said, he does seem to know how to use slide decks properly!= ) I believe Kevin's position is that, while I cited "secure your DNS" in response to some of the arguments raised by a slide deck he linked to, "securing your DNS" would likely involve using DNSSEC, which DJB argues enable amplification attacks. ------enig2FSBAHGHMUFWEXAXWLOAK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJRPUKKAAoJED5TcEBdxYwQAfEH/203QEbV31ZA0XBuVbPonS69 65QWNCwhn19ZuxZf9IRMmYWarxhU0edGKVgpNuccSsslZbY5GlKSzE1IRAkH+Vg9 /vOXrQyQ5ZwWbM7pRTGk+hkBFfS1FZ3ovgash8fWYNZ/XtpOTW5CwhLELWLV2ZOU j/V2aNh2bAOkZVuCe5GMH2+KF6zRbAGjVmDIiqjOLb08/ImsrUcgBNVSc4211mHU weeP43mhsSFrREQlZxJoXj/fi6RgYiBNDBYR6zmTRM9Ej7E6ayer4ds6j4efJg4O UGxQT7HDNL1iF0KW5lB6nHIOTpq7rdp7zOV09rVcHVbANz17SBQ6d3eicTUbYcQ= =Sv4A -----END PGP SIGNATURE----- ------enig2FSBAHGHMUFWEXAXWLOAK--