[dns-operations] Spoofing DNS with fragments

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Sep 12 18:48:08 UTC 2018


> On Sep 12, 2018, at 1:15 PM, p vixie <paul at redbarn.org> wrote:
> 
> If there is only one very narrow path to implemention of dnssec that will be secure, then that should be part of the specification.

Perhaps at this juncture the discussion should move to dnsop?
Anyone care to write a -00 draft proposing 1 or more (whether
in combination or possible alternatives) counter-measures for
consideration?

-- 
	Viktor.





More information about the dns-operations mailing list