On Wed, 8 Aug 2007, Stephane Bortzmeyer wrote:
I'm afraid that we will be sollicited one day or the other to write a
RFC about DNS practices to limit rebinding? It seems trendy.
Do note that many advices in "Protecting Browsers from DNS Rebinding
Attacks" (http://crypto.stanford.edu/dns/dns-rebinding.pdf) belong in
our perimeter (some remind me of
draft-ietf-dnsop-reverse-mapping-considerations, some ask for a
violation of the DNS protocol). Advices?
Thanks for the interesting link. This certainly shows that "use
hostnames everywhere" idiom that the IETF has been repeating doesn't
quite work as intended in the real life :-)
I wonder if the authors and vendors have considered if there are
conseuqences for IPv4/IPv6 dual-stack operation where a standard
practice is to provide multiple IP addresses under a single name.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
