Re: (ngtrans) Re: IPv6 dns

[Perry E. Metzger]

Bill Manning <[EMAIL PROTECTED]> writes:
> THe last time it was seriously raised was at the Joint IETF/ISOC mtg in 
> Montreal. The failure modes are pretty spectactular, at least until
> DNSsec is deployed and applications can verify the accuracy of the data
> received from a root server.

You can probably manage to forge data in a significant way right now
-- I'm not sure host routes in the DFZ would make that substantially
worse. It is also possible to use standard policy mechanisms to note
attempts to hijack one of the routes...

.pm

---------------------------------------------------------------------
The IPv6 Users Mailing List
Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]