On Mon, Nov 13, 2006 at 10:15:07PM -0800, Douglas Otis wrote:
> There is a general threat to DNS created by an experimental email script
> contained within DNS records.

As far as I understand, the attack vector relies on some process
outside the DNS retrieving, interpreting and acting on records
contained in the DNS.  Is this correct?  If so, my feeling is the SPF
folks should revise their protocol.  Perhaps it isn't altogether a
good idea to make protocols general enough to be near-Turing-complete
for the sake of data compression.

However, please clarify why a DNS working group should take
responsibility for fixing the semantics of data people choose to
put into the DNS.  People bringing down parts of the DNS through
DOS attacks is hardly new.  Storing the semantics of the attack
into the DNS itself is cute but hardly a cause for action by a DNS
working group.

Finally, if such a protocol (experimental, right?) were to start being
deployed, it would likely destroy its own ecology, so I don't see it
lasting long in an environment of cautious network operators.

-- Andras Salamon                   [EMAIL PROTECTED]
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
