[ NNSquad ] Re: Liability issues in ISP-injected ad systems?

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: Liability issues in ISP-injected ad systems?

To: Kelly Setzer <setzer@liquidchicken.org>
Subject: [ NNSquad ] Re: Liability issues in ISP-injected ad systems?
From: Vint Cerf <vint@google.com>
Date: Tue, 22 Apr 2008 17:27:35 -0400
Cc: nnsquad@nnsquad.org, Rich Kulawiec <rsk@gsp.org>

Kelly's point is perhaps the most important in my opinion; diversion of NXDOMAIN seriously wreck the confidence anyone can have in protocols that expect either to get to the right destination or be told it does not exist. this also underscores the desirability of having a way to authenticate the destination you reach, independent of the DNS lookup. "HI, you're supposed to be mumble.foo - please prove it by encrypting this random challenge N in your private key so I can verify you're you with your public key" - and yes, I understand the messy problem with certificates and revocation, etc.

On Apr 21, 2008, at 2:44 PM, Kelly Setzer wrote:

Rich Kulawiec wrote:
On Sun, Apr 20, 2008 at 04:07:19PM -0600, Brett Glass wrote:
It is unclear why this would create any more or different vulnerabilities than one might expect from any other site which contained third party advertising.
One of the negative consequences of this (although it might arguably
be considered an existing vulnerability) is that failure to properly
return NXDOMAIN breaks any number of anti-spam measures.
Some VPN software depends on NXDOMAIN as a hint to retry a request over the VPN. Last time I checked, the AEPNetworks SmartPass/ SmartGate product does this.

Another really stunning problem is the consequence of DNS alteration when mixed with administrative mistakes. A few years ago, Microsoft inadvertently allowed their passport.net domain to expire. It was removed from the root servers and access to hotmail.com and other Microsoft properties was substantially broken. I suspect that Microsoft would greatly prefer that passport.net be broken while they worked to renew the domain registration. Having their customers directed to advertisements they have no relation to or control over would not, in my mind, be good for their business. The fact that the domain in question is intimately involved in authentication increases the risk. Six Apart's typekey identity manager would be similarly affected (typekey.com).

Kelly

References:
- [ NNSquad ] Liability issues in ISP-injected ad systems?
  - From: Lauren Weinstein <lauren@vortex.com>
- [ NNSquad ] Re: Liability issues in ISP-injected ad systems?
  - From: Brett Glass <nnsquad@brettglass.com>
- [ NNSquad ] Re: Liability issues in ISP-injected ad systems?
  - From: Rich Kulawiec <rsk@gsp.org>
- [ NNSquad ] Re: Liability issues in ISP-injected ad systems?
  - From: Kelly Setzer <setzer@liquidchicken.org>

Prev by Date: [ NNSquad ] Re: FW: P2P Infrastructure Workshop Announcement, May 28, 2008
Next by Date: [ NNSquad ] Re: [IP] Re: a wise word from a long time network person -- Merccurynews report on Stanford hearing
Previous by thread: [ NNSquad ] Re: Liability issues in ISP-injected ad systems?
Next by thread: [ NNSquad ] Text of my prepared remarks for the Stanford FCC hearing
Index(es):
- Date
- Thread