[dns-operations] summary of recent vulnerabilities in DNS security.

Haya Shulman haya.shulman at gmail.com
Wed Oct 23 19:56:20 UTC 2013

> I see I'm stupid for not seeing that in the first message. I did search
> for 'http' but somehow didn't see the URL. But why not simply repeat
> the URL for people like me? Why not the URL of the paper at the
> beginning instead of a list of papers?
> https://sites.google.com/site/hayashulman/files/NIC-derandomisation.pdf

I did not realise that this was the problem, I thought that for some reason
you could not download from my site, indeed, using the url would have been
more convenient, sorry.

By searching for "DNSSEC" with my PDF viewer, I found what I consider
> too few references to the effectiveness of DNSSEC against the attacks.
> There is nothing about DNSSEC in the abstract, a list of DNSSEC problems
> early, and a DNSSEC recommendation in the conclusion that reads to me
> like a concession to a referee. Others will disagree.

Ok, thanks for this comment, please clarify which paper you are referring
to, and I will check if appropriate references could be added.

- forwarding to third party resolvers.
> I agree so strongly that feels like a straw man. I think
> forwarding to third pary resolvers is an intolerable and
> unnecessary privacy and security hole. Others disagree.
> - other mistakes
> that I think are even worse than forwarders.
> Perhaps that will be denied, but I challenge others to read those
> papers with their litanies of DNSSEC issues and get an impression
> of DNSSEC other than "sow's ear sold as silk." That was right
> for DNSSEC in the past. Maybe it will be right forever. I hope
> not, but only years will tell. As far as I can tell from a quick
> reading, the DNSSEC issues are valid, but are sometimes backward
> looking, perhaps due to publication delays. For example, default
> verifying now in server software and verifying by resolvers such
> as should help the verifying situation.
Agreed and noted, thank you.

p.s. Can you please cc me when sending responses related to me? Thank you
in advance!

Best Regards,
Haya Shulman
Technische Universität Darmstadt

FB Informatik/EC SPRIDE

Mornewegstr. 30

64293 Darmstadt

Tel. +49 6151 16-75540

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20131023/389f911c/attachment.html>

More information about the dns-operations mailing list