[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-dnsext-forgery-resilience-01.txt

To: namedroppers@ops.ietf.org
Subject: Re: draft-ietf-dnsext-forgery-resilience-01.txt
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Date: Sun, 18 Nov 2007 14:29:48 +0100
In-reply-to: <20071110214233.GB8260@laperouse.bortzmeyer.org>
References: <20071110214233.GB8260@laperouse.bortzmeyer.org>
User-agent: Mutt/1.5.15+20070412 (2007-04-11)

On Sat, Nov 10, 2007 at 07:42:33PM -0200,
 Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote 
 a message of 30 lines which said:

> * -01 says "TBD: Do we need to talk about stub resolvers?  Does this
> draft apply to them?" I believe that the answer is yes. A typical stub
> resolver cannot receive unexpected answers (it typically does not
> listen for ever on the network) but it still can be fooled when
> listening for a reply. In addition, a typical stub resolver should
> listen only to the answers coming from the nameservers listed in its
> configuration (/etc/resolv.conf on Unix) but I'm not sure they all
> do and, anyway, it is not sufficient, the other countermeasures
> mentioned in section 9 all apply.

And about this issue? Everybody agrees?

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Alex Bligh <alex@alex.org.uk>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: bert hubert <bert.hubert@netherlabs.nl>

References:
- draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Stephane Bortzmeyer <bortzmeyer@nic.fr>

Prev by Date: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Next by Date: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Previous by thread: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Next by thread: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Index(es):
- Date
- Thread