[dssa] Adobe Connect - Chat Transcript from Joint DNS Security and Stability Analysis Working Group

[Gisella Gruber-White <Gisella.Gruber-White@xxxxxxxxx>]

>  Gisella Gruber-White:Welcome to the DSSA WG Call on Thursday 15
>September 2011
>  Rossella Mattioli:Good morning
>  Gisella Gruber-White:The audio bridge has been connected to the Adobe
>Connect room 
>  Bart:Good afternoon
>  Greg Aaron:Hello
>  Keith Drazek:Good morning all.
>  Mark Kosters:works fo rme
>  Rossella Mattioli:also for me
>  Jacques Latour:yes, should be in
>  Arturo Servin:I am here, I have no mic but I will use chat
>  Mark Kosters:no mic either
>  Mark Kosters:was deferring the consensus call called out earlier
>  Mark Kosters:(was what worked for me)
>  CLO:Sorry had to reboot lappy froze
>  Rossella Mattioli:this is difficult
>  CLO:hmmm  sitting on the fence for hyjacking
>  Rossella Mattioli:one domain for me is out of scope
>  Arturo Servin:Sae as Rossella
>  Carlos M. Martinez - LACNIC:wll, i'm more on the same page as rosella
>  Arturo Servin:if it were a bunch or all domains under a ccTLD, gTLD may
>be
>  Carlos M. Martinez - LACNIC:single domain hijack is out of scope for me
>  Carlos M. Martinez - LACNIC:mass hijack or whole ccTLD could be a
>different matter
>  Mark Kosters:is the registrar interface out of scope?
>  Rossella Mattioli:mass hijacking is in scope also for me
>  Mark Kosters:or do we only look at dns protocol  issues?
>  CLO:Good question Mark
>  Mark Kosters:the former is squarely in icann's camp
>  Carlos M. Martinez - LACNIC:I believe that we should look at the whole
>DNS ecosystem, not only the protocol
>  Mark Kosters:the latter is questionable
>  Jacques Latour:domain hijacking within the registry out.  hijaking via
>network or via protocol, then in.
>  CLO:I can agree with Jacques
>  Greg Aaron:a mass hijack due to compromise of a registry = authority
>compromise
>  CLO:Yes Greg indeed
>  Jacques Latour:packet interception can result in hijack
>  CLO:OK  I'm off the fence now
>  CLO:another HMMMM   for me  so out
>  Rossella Mattioli:hmmm for me too
>  Mark Kosters:who else would expose this?
>  Mark Kosters:sure
>  Jacques Latour:this would resolve oin authority compromise
>  Jacques Latour:result
>  Arturo Servin:Would it be better Registry impersonation?
>  Arturo Servin:does it exist?
>  Keith Drazek:apologies i have todrop for another meeting
>  Greg Aaron:taht was an old hand
>  Jacques Latour:this is a threat for internal network, not the DNS
>  CLO:OK  in that case I can go with  NOT a real threat to Sec &
>Stability to DNS
>  CLO:Thank You gentlemen
>  Carlos M. Martinez - LACNIC:FF is employed as an evasion technique, but
>very similar techniques are sometimes legitimately employed (by CDNs
>f/example)
>  Carlos M. Martinez - LACNIC:so it is more a question of intent rather
>than threat
>  Rossella Mattioli:I agree with Carlos
>  Jacques Latour:dunno...
>  Rossella Mattioli:I agree can be out of scope but I think
>  Rossella Mattioli:we should at least consider as a marginal threats
>that could be largerly
>  Rossella Mattioli:exploit in the future
>  Carlos M. Martinez - LACNIC:my concern here is on possible software
>bugs dealing with idn string processing
>  CLO:also a dunno  I'm tempted to say Out of Scope for us now  but
>possible in Future  Yes  PARK it somewhere
>  Carlos M. Martinez - LACNIC:i agree with CLO
>  Carlos M. Martinez - LACNIC:let's park it for now
>  Rossella Mattioli:yep, park :)
>  Jacques Latour:ok park
>  Jacques Latour:this is defined above in authorization control?
>  Jacques Latour:once we all start putting and changing in DNSKEYS on a
>monthly basis, errors will cause stability issues
>  Greg Aaron:SSAC 44 is entitled: "A Registrant's Guide to Protecting
>Domain Name Registration Accounts "
>  Greg Aaron:this is an issue of individual domain names
>  Greg Aaron:not an ICANN issue
>  Greg Aaron:not a threat to terh DNS ssytem
>  Jacques Latour:parking?
>  CLO:Park it  YES
>  Jacques Latour:out
>  Rossella Mattioli:thank you so much
>  Greg Aaron:thanks
>  Jacques Latour:thanks!!!
>  CLO:Excellent  Thanks Mikey  Thanks A::
>  Rossella Mattioli:bye
>  Carlos M. Martinez - LACNIC:bye!!