Vernon,
On Oct 3, 2012, at 6:38 AM, Vernon Schryver <[email protected]> wrote:
> Any popular scheme that works around DNS, HTTP, ssh, etc.
> man-in-the-middle attacks that become popular will be blocked,
> proxied, or hijacked unless most users normally use tools that
> detect and refuse to work with men in the middle.
You're assuming the MITM attacks are intentional. My impression is that the
majority of the issues in getting EDNS0-requiring protocols to work are due to
ignorance, e.g., valid DNS responses are always UDP<512bytes or valid DNS types
are {A,MX,SOA,NS,PTR,TXT}. If this is true, then egregious hack workarounds
like using HTTP/S as a transport will solve most of the problem (not that I
think this is the best solution).
Regards,
-drc
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
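The two assumptions named in the reply above (valid DNS responses are always under 512 bytes over UDP, and valid types are {A,MX,SOA,NS,PTR,TXT}), checked against DNS wire messages. This is an added example, not part of the original message; all function names and the sample messages are constructed for illustration.

```python
import struct

# The two assumptions quoted in the message, as a filter would encode them.
LEGACY_UDP_LIMIT = 512
LEGACY_TYPES = {1: "A", 2: "NS", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT"}

def encode_name(name):
    labels = [l for l in name.split(".") if l]  # "" encodes the root name
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def build_response(qname, qtype, answers, edns_size=None):
    # An OPT pseudo-RR (type 41) in the additional section signals EDNS0.
    extra = [rr("", 41, edns_size, 0, b"")] if edns_size else []
    head = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, len(extra))
    return head + encode_name(qname) + struct.pack("!HH", qtype, 1) + b"".join(answers + extra)

def skip_name(msg, off):
    # Offset just past a name; a compression pointer (top bits 11) ends it.
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def record_types(msg):
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    types = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return types

def legacy_filter_objections(msg):
    # Why a filter holding both assumptions would drop this valid response.
    reasons = ["size %d > 512" % len(msg)] if len(msg) > LEGACY_UDP_LIMIT else []
    return reasons + ["unknown type %d" % t for t in sorted(set(record_types(msg)) - set(LEGACY_TYPES))]

# Constructed samples: a small A answer, and a DNSKEY answer (zero-filled key) with EDNS0.
PLAIN = build_response("example.com", 1, [rr("example.com", 1, 1, 300, bytes([192, 0, 2, 1]))])
SIGNED = build_response("example.com", 48, [rr("example.com", 48, 1, 300, b"\x01\x01\x03\x08" + bytes(520))], 4096)
```

The EDNS0 OPT record itself (type 41) falls outside the assumed type set, so such a filter rejects the signalling as well as the larger payload.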