Sniffen Packets

With a name like Sniffen, it's got to smell good.

Defense in Breadth

An important thing about layers, about defense in depth, is that you can’t even begin to attack one mechanism until you’ve defeated its predecessors. DANE + TLS doesn’t give you layers. If I can subvert your DNSSEC, I can endorse a fresh TLS key, and win. If I can subvert your TLS, I win.

This is defense in breadth, a strategy known mostly for its close association with defeat.

(Thanks to Joshua Guttman for the observations that gave rise to this post.)