On Mon, 15 Oct 2018 at 04:51, Paul Wouters via dev-security-policy <[email protected]> wrote: > > On Oct 14, 2018, at 21:09, jsha--- via dev-security-policy > <[email protected]> wrote: > > > > There’s a paper from 2013 outlining a fragmentation attack on DNS that > > allows an off-path attacker to poison certain DNS results using IP > > fragmentation[1]. I’ve been thinking about mitigation techniques and I’m > > interested in hearing what this group thinks. > > > > The mitigation is dnssec. Ensure your data is cryptographically protected.
That would be nice, but as that is not available to everyone, a comprehensive solution is also desirable. -tom _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
