Hosnieh Rafiee wrote:
> I have gathered some vulnerabilities in the current DNS security approaches
> such as DNSSEC and etc. We think it is useful to have a survey of existing
> vulnerabilities or any new vulnerabilities so that we can address those
> issues in other standard RFC. This is why we plan to write a new
> informational draft.
As was discussed recently in IETF ML, a serious vulnerability of,
so called, DNSSEC is lack of secure time.
In the discussion, there is no practical solution against it,
though some security novices innocently believed GPS time were
automagically secure.
That is, so far, there is no way to have really secure DNSSEC.
Masataka Ohta
>
>
> There is currently one old RFC that address the DNS vulnerabilities:
> http://tools.ietf.org/html/rfc3833
>
> So, we welcome any ideas about this work.
>
> Thanks,
> Best,
> Hosnieh
>
>
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
>
>
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
