I have to admit one thing I have not really understood is why the level of concern here is so deep.
If I now have e.g. multihomed Linux, often or usually the /etc/resolv.conf points to the DNS server address learned most recently via some means (RA, DHCPv6). But people are not too worried what is the content of that file? I.e. an attacker could just send a new RA with DNS server address option and cause problems by drawing DNS traffic to that server?

Shouldn't we work e.g. on securing all DHCPv6 signaling?

Teemu

> -----Original Message-----
> From: ext Ted Lemon [mailto:[email protected]]
> Sent: 14 January 2011 17:13
> To: Savolainen Teemu (Nokia-MS/Tampere)
> Cc: [email protected]; [email protected]; [email protected]
> Subject: Re: [DNSOP] draft-savolainen-mif-dns-server-selection-06.txt
>
> On Jan 14, 2011, at 9:58 AM, <[email protected]> wrote:
> > Lack of trust on information contained in all options?
>
> Right. Generally, we assume that the higher-level protocol will have
> some sort of security mechanism--e.g., DNSSEC. Or we assume that the
> environment in which DHCP is being done is one in which there is no
> easy opportunity for attack (e.g., cable modem connection, or secured
> home WiFi).
>
> The problem with this proposal is that it creates a new, generic
> mechanism which depends on the data from the DHCP server being
> trustworthy. If the data is not trustworthy, the mechanism doesn't
> fail.
>
> The question is, is there some way to give you what you want, without
> creating a generic mechanism that has the property of assuming
> trustworthiness without proof of trustworthiness.
