Paul Hoffman wrote: > Paul's "no" (which I agree with) shows what might be a fatal flaw in > draft-muks-dnsop-dns-message-checksums: an attacker just needs to send > fragments that look like they say "I don't understand the new EDNS0 > option". Does that make sense?
well, that was my reasoning for not including end to end checksumming in EDNS0 itself (as a fixed field.) -- Paul Vixie _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
