[dssa] Adobe Connect - Chat Transcript from Joint DNS Security and Stability Analysis Working Group
- To: DSSA WG <dssa@xxxxxxxxx>
- Subject: [dssa] Adobe Connect - Chat Transcript from Joint DNS Security and Stability Analysis Working Group
- From: Gisella Gruber-White <Gisella.Gruber-White@xxxxxxxxx>
- Date: Thu, 15 Sep 2011 07:04:06 -0700
> Gisella Gruber-White:Welcome to the DSSA WG Call on Thursday 15
> Rossella Mattioli:Good morning
> Gisella Gruber-White:The audio bridge has been connected to the Adobe
> Bart:Good afternoon
> Greg Aaron:Hello
> Keith Drazek:Good morning all.
> Mark Kosters:works fo rme
> Rossella Mattioli:also for me
> Jacques Latour:yes, should be in
> Arturo Servin:I am here, I have no mic but I will use chat
> Mark Kosters:no mic either
> Mark Kosters:was deferring the consensus call called out earlier
> Mark Kosters:(was what worked for me)
> CLO:Sorry had to reboot lappy froze
> Rossella Mattioli:this is difficult
> CLO:hmmm sitting on the fence for hyjacking
> Rossella Mattioli:one domain for me is out of scope
> Arturo Servin:Sae as Rossella
> Carlos M. Martinez - LACNIC:wll, i'm more on the same page as rosella
> Arturo Servin:if it were a bunch or all domains under a ccTLD, gTLD may
> Carlos M. Martinez - LACNIC:single domain hijack is out of scope for me
> Carlos M. Martinez - LACNIC:mass hijack or whole ccTLD could be a
> Mark Kosters:is the registrar interface out of scope?
> Rossella Mattioli:mass hijacking is in scope also for me
> Mark Kosters:or do we only look at dns protocol issues?
> CLO:Good question Mark
> Mark Kosters:the former is squarely in icann's camp
> Carlos M. Martinez - LACNIC:I believe that we should look at the whole
>DNS ecosystem, not only the protocol
> Mark Kosters:the latter is questionable
> Jacques Latour:domain hijacking within the registry out. hijaking via
>network or via protocol, then in.
> CLO:I can agree with Jacques
> Greg Aaron:a mass hijack due to compromise of a registry = authority
> CLO:Yes Greg indeed
> Jacques Latour:packet interception can result in hijack
> CLO:OK I'm off the fence now
> CLO:another HMMMM for me so out
> Rossella Mattioli:hmmm for me too
> Mark Kosters:who else would expose this?
> Mark Kosters:sure
> Jacques Latour:this would resolve oin authority compromise
> Jacques Latour:result
> Arturo Servin:Would it be better Registry impersonation?
> Arturo Servin:does it exist?
> Keith Drazek:apologies i have todrop for another meeting
> Greg Aaron:taht was an old hand
> Jacques Latour:this is a threat for internal network, not the DNS
> CLO:OK in that case I can go with NOT a real threat to Sec &
>Stability to DNS
> CLO:Thank You gentlemen
> Carlos M. Martinez - LACNIC:FF is employed as an evasion technique, but
>very similar techniques are sometimes legitimately employed (by CDNs
> Carlos M. Martinez - LACNIC:so it is more a question of intent rather
> Rossella Mattioli:I agree with Carlos
> Jacques Latour:dunno...
> Rossella Mattioli:I agree can be out of scope but I think
> Rossella Mattioli:we should at least consider as a marginal threats
>that could be largerly
> Rossella Mattioli:exploit in the future
> Carlos M. Martinez - LACNIC:my concern here is on possible software
>bugs dealing with idn string processing
> CLO:also a dunno I'm tempted to say Out of Scope for us now but
>possible in Future Yes PARK it somewhere
> Carlos M. Martinez - LACNIC:i agree with CLO
> Carlos M. Martinez - LACNIC:let's park it for now
> Rossella Mattioli:yep, park :)
> Jacques Latour:ok park
> Jacques Latour:this is defined above in authorization control?
> Jacques Latour:once we all start putting and changing in DNSKEYS on a
>monthly basis, errors will cause stability issues
> Greg Aaron:SSAC 44 is entitled: "A Registrant's Guide to Protecting
>Domain Name Registration Accounts "
> Greg Aaron:this is an issue of individual domain names
> Greg Aaron:not an ICANN issue
> Greg Aaron:not a threat to terh DNS ssytem
> Jacques Latour:parking?
> CLO:Park it YES
> Jacques Latour:out
> Rossella Mattioli:thank you so much
> Greg Aaron:thanks
> Jacques Latour:thanks!!!
> CLO:Excellent Thanks Mikey Thanks A::
> Rossella Mattioli:bye
> Carlos M. Martinez - LACNIC:bye!!