P Vixie (paul) writes:
> M. Shulman, your summary does not list dnssec as a solution to any of these
> vulnerabilities, can you explain why not? Vixie
I was wondering about that, and went to look at the abstracts:
http://link.springer.com/chapter/10.1007/978-3-642-33167-1_16
"Security of Patched DNS"
[...]
We present countermeasures preventing our attacks; however, we believe
that our attacks provide additional motivation for adoption of DNSSEC
(or other MitM-secure defenses).
So at least this seems to be mentioned in the papers themselves (Id
didn't pay to find out).
But I agree that the summary would benefit from stating this, as it's
currently only way to to avoid poisoning. Not stating it could lead
some to believe that these attacks are immune to DNSSEC protection of
the cache.
Cheers,
Phil
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
