Hi All, I have a basic question to ask related to the below-mentioned lines of the draft.
> We additionally consider the Denial of Service risk posed by an
> attacker who can modify the DNS records for a victim domain. Absent
> SMTP STS, such an attacker can cause a sending MTA to cache invalid
> MX records for a long TTL. With SMTP STS, the attacker can
> additionally advertise a new, long-"max_age" SMTP STS policy with
> "mx" constraints that validate the malicious MX record, causing
> senders to cache the policy and refuse to deliver messages once the
> victim has resecured the MX records.
>
> This attack is mitigated in part by the ability of a victim domain to
> (at any time) publish a new policy updating the cached, malicious
> policy, though this does require the victim domain to both obtain a
> valid CA-signed certificate and to understand and properly configure
> SMTP STS.

*Can the above-mentioned solution provide a preemptive measure for avoiding the DoS attack?*

Regards
Ranjana
Centre for Development of Advanced Computing (CDAC), Bangalore (India)
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
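The caching behaviour described in the quoted draft text, as an added example that is not part of the original message or of the draft: a simplified model of a sending MTA's policy cache, showing that delivery stays blocked after the MX records are fixed and resumes only once the victim domain publishes a new policy. The `policy_id` refresh trigger, the class and function names, the `max_age` values and the `.example` hosts are assumptions made for illustration.

```python
import fnmatch
from dataclasses import dataclass

DAY = 86400  # seconds

@dataclass(frozen=True)
class Policy:
    policy_id: str      # assumed version marker the sender compares against its cache
    mx_patterns: tuple  # "mx" constraints: patterns an MX host must match
    max_age: int        # cache lifetime in seconds

class SenderCache:
    """Simplified model of one sending MTA's cached policy for one domain."""
    def __init__(self):
        self.policy = None
        self.expires = 0

    def observe(self, now, published):
        # Assumption: the sender replaces its cached policy when it has none,
        # when the cached one expired, or when a different policy id is advertised.
        if published is not None and (
            self.policy is None or now >= self.expires
            or published.policy_id != self.policy.policy_id
        ):
            self.policy, self.expires = published, now + published.max_age

    def may_deliver(self, now, mx_host):
        if self.policy is None or now >= self.expires:
            return True  # no policy in force in this model
        return any(fnmatch.fnmatch(mx_host, p) for p in self.policy.mx_patterns)

def simulate():
    """Constructed timeline: compromise, MX fix alone, then a new policy."""
    cache = SenderCache()
    malicious = Policy("attacker-1", ("*.attacker.example",), 180 * DAY)
    corrected = Policy("victim-2", ("*.victim.example",), 7 * DAY)
    results = {}
    # Day 0: attacker controls DNS and advertises a long-max_age policy.
    cache.observe(0, malicious)
    results["during_compromise"] = cache.may_deliver(0, "mx.attacker.example")
    # Day 1: victim restores the MX records but publishes no policy.
    cache.observe(1 * DAY, None)
    results["after_mx_fix_only"] = cache.may_deliver(1 * DAY, "mx.victim.example")
    # Day 2: victim publishes its own policy, replacing the cached one.
    cache.observe(2 * DAY, corrected)
    results["after_new_policy"] = cache.may_deliver(2 * DAY, "mx.victim.example")
    results["attacker_mx_after_new_policy"] = cache.may_deliver(2 * DAY, "mx.attacker.example")
    return results

if __name__ == "__main__":
    for step, allowed in simulate().items():
        print(f"{step}: {'deliver' if allowed else 'refuse'}")
```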
