[dns-operations] Call for Papers: NDSS Workshop on DNS Privacy 2018

Paul Vixie paul at redbarn.org
Tue Oct 10 13:35:33 UTC 2017



风河 wrote:
> How would you handle the case of DNS hajacking and poisoning? even worse
> if it happens at national level.

hijacking/poisoning could mean nxdomain substitution, name insertion, 
rrset amendment/replacement, or policy based response modification for 
defense purposes. the first three fall under the dnssec umbrella, so the 
ietf probably does not intend to re-litigate, re-analyze, or re-solve 
those matters in dprive-wg.

the fourth (policy based response for defense purposes) is in-scope, as 
far as i'm concerned, since two knobs ("is it opt-in?" and "does it pass 
dnssec-signed responses through unmodified?") are both bulwarks of basic 
internet privacy, and should be discussed in the dprive-wg context.

-- 
P Vixie




More information about the dns-operations mailing list