On Mon, 15 Oct 2018 at 04:51, Paul Wouters via dev-security-policy <firstname.lastname@example.org> wrote: > > On Oct 14, 2018, at 21:09, jsha--- via dev-security-policy > <email@example.com> wrote: > > > > There’s a paper from 2013 outlining a fragmentation attack on DNS that > > allows an off-path attacker to poison certain DNS results using IP > > fragmentation. I’ve been thinking about mitigation techniques and I’m > > interested in hearing what this group thinks. > > > > The mitigation is dnssec. Ensure your data is cryptographically protected.
That would be nice, but as that is not available to everyone, a comprehensive solution is also desirable. -tom _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy