On 5-Dec-2006, at 23:16, Hallam-Baker, Phillip wrote:
> From: Danny Mayer [mailto:mayer@gis.net]
>
> I suspect that we will see demand for DNSSEC the first time that a bank sees a poisoning attack and their customers get redirected to a fake site and their accounts drained as a result. Phishing attacks can be alleviated since you can tell technologically that the site is not what it claims. Their customers will demand it, the bank will be afraid not to do it, the insurance companies make it a condition of coverage of losses, etc. Then of course the military have a need for it. Of course that still leaves the issue of validating resolvers not being widely deployed (okay, so only a handful of people have deployed them).
>
> This attack is happening but not quite in this way.

The banks around here have fixed that problem by buying insurance which will reimburse both the bank and the customer from fraudulent transactions which occur using the bank's web banking app.
In the case that the customer notices a fraudulent transaction, the bank reimburses them, the insurance company reimburses them, and everybody is happy.
In the case that the customer doesn't notice a fraudulent transaction, nobody does anything and everybody is still happy.
DNSSEC will need to be as reliable as this, and noticeably cheaper than the insurance, before I would expect these banks to start caring about it.
Joe

archive: <http://ops.ietf.org/lists/namedroppers/>