[dns-operations] root? we don't need no stinkin' root!
ietf-dane at dukhovni.org
Fri Nov 29 20:25:29 UTC 2019
On Fri, Nov 29, 2019 at 07:34:56PM +0000, Tony Finch wrote:
> Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> > refection of answers to forged source IPs is not available with TCP
> Attackers can get a small amplification from SYN/ACK retries, and this is
> being used in the wild.
Thanks for the link, appreciated. Perhaps the answer is that a future root
zone retrieval service should be available only via QUIC with always-on address
This should also facilitate data integrity.
More information about the dns-operations