Let's us paint a picture...
The Data Integrity and Security Models apply to the DNS systems as
well. Since these are key to the security models which are used to
protect privacy impacted and financial data they are also included. I
think this is inherently obvious, in fact its so obvious that arguing
about it is silly. The access model for the (seamless information
control/access process) at hand is also controlled by the Data
Integrity directives too. The idea that the systems which control
access to these protected data are not also protected is laughable IMHO
Todd
So a Medical Records Purveyor in the UK puts their data online for
Doctor's to download. And because of the BGP4 Routing Flap the MitM
Attack is seamlessly functional. After some period of time the DNS
records in the master Root Server are compromised and the pointer to the
Records Bureau is changed to point to a server being operated off of a
boat in the Indian Ocean. This one is specific to a particular person's
medical history, and so then you as the competent member of the Treadway
project simply contaminate the person's food with some shellfish extract
and poof - Anaphylaxis and the target is kaput.
This is a specific hack where DNS would be used effectively to kill
someone by redirecting the Medical Records Bureau where this patients
data resides to a new faked system, and as long as it worked like it was
supposed to which wouldn't be to hard to fake, the relying Doctor would
never know.
Now - once again - the integrity of the DNS being requested for ANY act
which would provide data to a user wherein that data is controlled by a
Privacy Act or likewise the EU Data Integrity Act, would also constrain
here as well. The funniest part is that I bet that the RFC3161 crowd
still doesnt get that the EU Timestamping Directives apply directly to
the management of systems logs in the EU as well. - Cracks me up!
Todd Glassey
Regards,
-sm
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
