<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div>Paul Vixie wrote:</div>
<span id="OLK_SRC_BODY_SECTION">
<blockquote style="margin:0 0 0 40px; border:none; padding:0px;">
<div><br>
</div>
</blockquote>
<div>
<blockquote style="margin:0 0 0 40px; border:none; padding:0px;">
<div bgcolor="#FFFFFF" text="#000000">Haya Shulman wrote:
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
<div>> > so if i add "first weaponized by Haya Shulman" this would settle the<br>
> > matter?<br>
><br>
> Thank you, can you please use Amir Herzberg and Haya Shulman (I<br>
> collaborated on this attack together with my phd advisor Amir Herzberg).<br>
<br>
</div>
it shall be done.<br>
</blockquote>
<div><br>
</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif">Thank you.</div>
</div>
</div>
</div>
</blockquote>
<br>
upon deeper consideration, "weaponized" is the wrong verb, unless you have released your software. i can say "first published" if that will serve your purpose.<br>
</div>
</blockquote>
</div>
</span>
<div><br>
</div>
<div>Sorry to join the discussion late.</div>
<div><br>
</div>
<div>FYI, I have been working on a proof-of-concept weaponized implementation of a fragmentation-based attack.</div>
<div>(My work is limited only to fragmentation, as I see that as the issue with the largest attack surface and which suffers from potential long-tail problems in mitigations.)</div>
<div><br>
</div>
<div>This work was inspired by Haya/Amir's work, although it did abstract things and go back to first principles on what to do and how to do it. The PoC code is a clean-room implementation.</div>
<div><br>
</div>
<div>I am also loosely collaborating with the CZ folks (Ondřej Surý et al) who are also doing their own independent PoC.</div>
<div><br>
</div>
<div>There was a presentation of this at the latest DNS-OARC meeting, as well as at the last RIPE meeting.</div>
<div><br>
</div>
<div>We will, of course, be keeping the code private, and will avoid releasing too many details.</div>
<div><br>
</div>
<div>When we have specific concrete results, we will share them in a responsible fashion.</div>
<div><br>
</div>
<div>Regardless of the specifics, the general result should be understood: the unsigned aspects of delegations, creates an exposure to poisoning which allows MitM, which facilitates a host of problems to anything which is not totally DNSSEC-signed and DNSSEC-validated.</div>
<div><br>
</div>
<div>Brian Dickson</div>
<div><br>
</div>
<div>P.S. Credit for "weaponized" even if the code is shared with strict controls, rather than released, would be welcome, at the appropriate time.</div>
<span id="OLK_SRC_BODY_SECTION">
<div>
<blockquote style="margin:0 0 0 40px; border:none; padding:0px;">
<div bgcolor="#FFFFFF" text="#000000"><br>
</div>
</blockquote>
</div>
</span>
</body>
</html>