[dns-operations] summary of recent vulnerabilities in DNS security.

Haya Shulman haya.shulman at gmail.com
Wed Oct 23 19:56:20 UTC 2013


>
> I see I'm stupid for not seeing that in the first message. I did search
> for 'http' but somehow didn't see the URL. But why not simply repeat
> the URL for people like me? Why not the URL of the paper at the
> beginning instead of a list of papers?
> https://sites.google.com/site/hayashulman/files/NIC-derandomisation.pdf



I did not realise that this was the problem; I thought that for some reason
you could not download from my site. Indeed, using the URL would have been
more convenient, sorry.

> By searching for "DNSSEC" with my PDF viewer, I found what I consider
> too few references to the effectiveness of DNSSEC against the attacks.
> There is nothing about DNSSEC in the abstract, a list of DNSSEC problems
> early, and a DNSSEC recommendation in the conclusion that reads to me
> like a concession to a referee. Others will disagree.



Ok, thanks for this comment, please clarify which paper you are referring
to, and I will check if appropriate references could be added.


> - forwarding to third party resolvers.
>
> I agree so strongly that feels like a straw man. I think
> forwarding to third party resolvers is an intolerable and
> unnecessary privacy and security hole. Others disagree.
> - other mistakes
> that I think are even worse than forwarders.
> - DNSSEC
> Perhaps that will be denied, but I challenge others to read those
> papers with their litanies of DNSSEC issues and get an impression
> of DNSSEC other than "sow's ear sold as silk." That was right
> for DNSSEC in the past. Maybe it will be right forever. I hope
> not, but only years will tell. As far as I can tell from a quick
> reading, the DNSSEC issues are valid, but are sometimes backward
> looking, perhaps due to publication delays. For example, default
> verifying now in server software and verifying by resolvers such
> as 8.8.8.8 should help the verifying situation.
>
>
Agreed and noted, thank you.

p.s. Can you please cc me when sending responses related to me? Thank you
in advance!

--
Best Regards,
Haya Shulman
Technische Universität Darmstadt

FB Informatik/EC SPRIDE

Mornewegstr. 30

64293 Darmstadt

Tel. +49 6151 16-75540

www.ec-spride.de