On Tue, Aug 19, 2014 at 09:17:10PM +0200, Hosnieh Rafiee <[email protected]> wrote a message of 59 lines which said:
> If you think when your domain is signed by DNSSEC, a fake resolver > cannot cause any problem for you, I gives you an example. [Andrew Sullivan explained why this example depends on a lack of understanding of DNSSEC.] > But this is not a case for resolver scenario where the attacker can > actively introduced himself as a resolver. [Paul Wouters already explained that it makes no sense to authentify a DHCP-obtained resolver - since DHCP itself is not secure. You authentify hard-wired resolvers only.] _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
