[82464] in North American Network Operators' Group


Re: Non-English Domain Names Likely Delayed

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Tue Jul 19 06:49:04 2005

In-Reply-To: <p06200767bf027f65d653@[10.0.1.3]>
Cc: NANOG <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 19 Jul 2005 12:46:01 +0200
To: Brad Knowles <brad@stop.mail-abuse.org>
Errors-To: owner-nanog@merit.edu


On 19-jul-2005, at 12:11, Brad Knowles wrote:

[need to trust the DNS system]

>>  Actually, you don't. If the DNS provides false information, the public
>>  key crypto will catch this. Sure, you won't be able to communicate, but
>>  you can't be phished that way.

>     What public key crypto are you talking about?

The public key crypto that powers the authentication in SSL.

>>  I don't see why this would need to be "fixed". We're not talking about
>>  5 year olds, people need to be able to cross the road without someone
>>  holding their hand.

>     You're on a slippery slope here.  At what point do you think  
> that you can stop protecting the users?  How do you justify that?

I justify it because "protecting" users against the fact that similar
looking/sounding names actually map to completely different things  
ultimately can't be done, so it's better to not do it at all so users  
get burned by relatively harmless examples of this phenomenon  
(www.gougle.com and the like) so they understand it and foster the  
appropriate level of distrust.
