North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Non-English Domain Names Likely Delayed

  • From: Iljitsch van Beijnum
  • Date: Tue Jul 19 04:35:04 2005 
On 19-jul-2005, at 1:43, Crist Clark wrote:


If you make a bunch of assumptions

[...]


Plus, you have to trust DNS, which means you have to trust:



  1) the root
  2) the gTLD
  3) the authorative servers for the domain





And for 99% of the users out there,





  4) the caching servers for their ISP/employer/other access
    provider




Actually, you don't. If the DNS provides false information, the  
public key crypto will catch this. Sure, you won't be able to  
communicate, but you can't be fished that way.




you can be sure that when it says https:// www.blah.com/ in your  
browser, you're actually communicating with the  entity holding  
the name www.blah.com in a secure way. So when  something

that looks exactly like www.blah.com is in fact different  from  
www.blah.com, that's a pretty big deal because it breaks the   
whole system.




Assuming the system works. SSL doesn't really work now since
so many users reflexively click through warnings about bad
certificates.




There is no cure for stupidity... And I'm not even sure it's really  
stupidity: in their own twisted way, these users behave rationally  
because the energy to stay safe isn't worth keeping away the bad  
consequences to them. This of course changes when their online  
banking account is raided.




And while we're at it, does any of this fix whether any of
the following,





    www.blah-inc.com
    www.blah.net
    www.blah.biz





Might trick a user into thinking he's connected to the same
entity that owns www.blah.com?




I don't see why this would need to be "fixed". We're not talking  
about 5 year olds, people need to be able to cross the road without  
someone holding their hand.




> So how would fixing this make things worse?





Wrong question. How will fixing this one problem make things any
better?




Simple: the system then performs as designed again. All the other  
problems are more or less under the user's control.




If almost none of the phishing emails I get now bother
to play these kinds of games today, how much does this really help?




And burglars also manage to get inside your house even though you  
lock the door. So better not lock the door then?




Yeah, if it's easy, go ahead, but as the mere existence of this
thread seems to indicate this is not an easy problem. I worry that
like many of the other spam-related problems while we have a lot of
very smart people like yourself thinking hard about how to prevent
abuse, we may just be rearranging the deck chairs on the Titanic.




That is such crap, and it's exactly this attitude that makes it  
possible for spam to persist. When confronted by an apparently  
intractable problem, in very many cases it helps to solve the parts  
that can be solved and then have another look at the remaining  
problem. More often than not it doesn't look as intractable any more.




should we be doing instead?





Many things, perhaps the two most important "we" can do:





  1) Pounding it into the users that you don't ever trust what it
    says in the navigation bar unless you typed it there yourself.
    Corrorlaries: (a) When following links on webpages, your level
    of trust should only be that of the least trusted page in the
    chain of links.




If this is true, it means a failure on the part of the browser. I  
don't think we should live with that but get ourself better browsers.




(b) NEVER EVER, EVER, EVER trust a link in an
    unsigned email.




Haha. I talked to a CERT guy a while ago. They had a service where  
they send out dumbed down warnings to regular users (not sysadmins or  
whatever). I asked him why they didn't use S/MIME to sign their mail.  
"That confuses people." Ok then. If people in the security business  
(how I hate the fact that it's a business these days!) don't even  
want to use the tools that are available, rational thought breaks  
down. (Although I have to admit that it DOES look confusing in  
popular Windows email clients.)




  2) Pounding it into merchants, banks, etc., to make sure they never
    ask their customers to violate (1).




Expansion of 1: don't trust any unsollicited communication. This  
includes all incoming email (unless it's signed but it never is) and  
phone calls. (Law enforcement at your door? How do I know those  
badges are real?) Never give out your password to ANYONE, EVER.




But sorry, I do not have all of the answers either.



(-:




[0] Perhaps a better analogy is that by "cleaning up" DNS, we are

trying to prevent the iceburgs. We should be letting the indvidual

merchants, banks, and other secure sites, the ships, make their

own schemes for avoiding them. We could be helping them build stronger

ships, something better than today's SSL, and mapping out where the

iceburgs are, figuring out where they need to balance convenience

versus security, than trying to clear the seas of all possible  
hazards.



No, what's needed is that systems don't have glaring holes. Email is  
a joke, anyone can send messages with any "From" line that they want.  
Credit cards are a joke, anyone who works in a store can copy numbers  
and then use those online. The trouble with these two is that people  
have been using them as-is for so long that they don't want to give  
up the convenience of the insecurity. So at some level this is  
working for people, or they wouldn't be using it.