[dns-operations] summary of recent vulnerabilities in DNS security.
haya.shulman at gmail.com
Wed Oct 23 19:56:20 UTC 2013
> I see I'm stupid for not seeing that in the first message. I did search
> for 'http' but somehow didn't see the URL. But why not simply repeat
> the URL for people like me? Why not the URL of the paper at the
> beginning instead of a list of papers?
I did not realise that this was the problem, I thought that for some reason
you could not download from my site, indeed, using the url would have been
more convenient, sorry.
By searching for "DNSSEC" with my PDF viewer, I found what I consider
> too few references to the effectiveness of DNSSEC against the attacks.
> There is nothing about DNSSEC in the abstract, a list of DNSSEC problems
> early, and a DNSSEC recommendation in the conclusion that reads to me
> like a concession to a referee. Others will disagree.
Ok, thanks for this comment, please clarify which paper you are referring
to, and I will check if appropriate references could be added.
- forwarding to third party resolvers.
> I agree so strongly that feels like a straw man. I think
> forwarding to third pary resolvers is an intolerable and
> unnecessary privacy and security hole. Others disagree.
> - other mistakes
> that I think are even worse than forwarders.
> - DNSSEC
> Perhaps that will be denied, but I challenge others to read those
> papers with their litanies of DNSSEC issues and get an impression
> of DNSSEC other than "sow's ear sold as silk." That was right
> for DNSSEC in the past. Maybe it will be right forever. I hope
> not, but only years will tell. As far as I can tell from a quick
> reading, the DNSSEC issues are valid, but are sometimes backward
> looking, perhaps due to publication delays. For example, default
> verifying now in server software and verifying by resolvers such
> as 22.214.171.124 should help the verifying situation.
Agreed and noted, thank you.
p.s. Can you please cc me when sending responses related to me? Thank you
Technische Universität Darmstadt
FB Informatik/EC SPRIDE
Tel. +49 6151 16-75540
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations