> The ip= modifier would be a great way to arrange for something to look like
> it came from a different source than its actual source. I'm sure there's
> an attack surface in there somewhere.

That's a rather fundamental issue. In the context of TLS, and a DNSSEC insecure zone, there are two realistic attack scenarios:

- an attack on DNS that returns different addresses for a DNS lookup
- a routing attack, that reroutes traffic.

Both types of attacks are realistic and happen quite frequently.

If we decide that TLS is strong enough to defend against these attacks, then there is no need to secure the DNS lookup, other than to reduce the risk of denial of service and for privacy reasons.

Then such an ip= modifier would be fine, because the worst thing that can happen is denial of service.

On the other hand, if we don't trust TLS, then we have a bit of a problem. Too many people using public resolvers. Route hijacks are quite easy, etc.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
