cryptography  

RFC 3833 Threat analysis of the domain name system (DNS)

Anne & Lynn Wheeler
Wed, 25 Aug 2004 16:22:47 -0700

as always ... can go to
http://www.garlic.com/~lynn/rfcietff.htm

and either scroll down the summary page to the 3833 summary and then retrieve the actual RFC by clicking on the ".txt=nnnn" field.

In this case it is also possible to click on "Term (term->RFC#)" in the "RFC's listed by" section ... and then click on "DNSSEC" in the acronym fastpath section at the top. That brings up the DNSSEC RFCs. ... where DNSSEC (and/or domain name security) appeared somewhere in the title or abstract.

as a side note, I've just done about everything possible that I can do with scanning actual RFCs for references. I did a pass ... where I created a list of all RFCs ... where the scan didn't produce RFC numbers from a reference section ... and then scanned those RFCs for anything that looked like there might be a RFC number anywhere in the body. Then I manually examined that list of RFCs for how they formated/called the references section. somewhat more detailed discussion of the references & md5 stuff:
http://www.garlic.com/~lynn/2004k.html#6






        RFC 3833
        Title:      Threat Analysis of the Domain Name System (DNS)
        Author(s):  D. Atkins, R. Austein
        Status:     Informational
        Date:       August 2004
        Mailbox:    [EMAIL PROTECTED], [EMAIL PROTECTED]
        Pages:      16
        Characters: 39303
        Updates/Obsoletes/SeeAlso:    None
        I-D Tag:    draft-ietf-dnsext-dns-threats-07.txt
        URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3833.txt

Although the DNS Security Extensions (DNSSEC) have been under
development for most of the last decade, the IETF has never written
down the specific set of threats against which DNSSEC is designed to
protect.  Among other drawbacks, this cart-before-the-horse situation
has made it difficult to determine whether DNSSEC meets its design
goals, since its design goals are not well specified.  This note
attempts to document some of the known threats to the DNS, and, in
doing so, attempts to measure to what extent (if any) DNSSEC is a
useful tool in defending against these threats.




--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/ 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]