ietf-dkim

Re: [ietf-dkim] Threats Issue - Large DNS records make servers targets for spoofed source amplification attacks abuse

2006-02-27 18:00:34

On Feb 27, 2006, at 4:31 PM, Jim Fenton wrote:

In fact the larger the record you put in dns, the better target for such an attack it becomes!

If we were to include this in the threat document, it would need to go into a new category because it's not a threat to the signature mechanism nor to SSP, but rather an attack on DNS that might be facilitated by DKIM. I'm not sure whether this is in-scope for the threat document or not, but it would be an expansion of its current scope to include it.

A concern related to DKIM would be to ensure DNS UDP payloads are not exceeded by the key record response. Not exposing recursive DNS servers is simply good practice, which is not specifically related to DKIM.

-Doug
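
The payload concern in the message above can be checked before a key record is published. This is an added example, not part of the original thread: the selector name, the `v=DKIM1; k=rsa; p=` record layout and the DER key lengths are constructed assumptions, and it counts only the header, the question and one answer RR (no authority or additional sections, no EDNS0).

```python
import base64
import math

CLASSIC_UDP_LIMIT = 512   # RFC 1035 limit for a DNS message over UDP without EDNS0
HEADER_LEN = 12           # fixed DNS header

def qname_len(name: str) -> int:
    """Wire length of an uncompressed name: one length byte per label plus the root byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l.encode("ascii")) for l in labels) + 1

def txt_rdata_len(text: bytes) -> int:
    """TXT RDATA is a run of character-strings, each at most 255 bytes plus a length byte."""
    return len(text) + max(1, math.ceil(len(text) / 255))

def constructed_key_record(der_len: int) -> bytes:
    """Constructed sample: zero bytes stand in for a public key of der_len DER bytes."""
    return b"v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(der_len))

def key_response_size(owner: str, txt: bytes) -> dict:
    """Minimum query/response sizes for a TXT lookup of owner, and the size ratio."""
    query = HEADER_LEN + qname_len(owner) + 4           # + QTYPE and QCLASS
    # Answer RR: 2-byte compression pointer to the question name,
    # then TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) and the TXT RDATA.
    answer = 2 + 2 + 2 + 4 + 2 + txt_rdata_len(txt)
    response = query + answer
    return {
        "query": query,
        "response": response,
        "fits_512": response <= CLASSIC_UDP_LIMIT,
        "ratio": round(response / query, 2),            # response bytes per query byte
    }

if __name__ == "__main__":
    owner = "selector1._domainkey.example.com"          # constructed name
    # Assumed SubjectPublicKeyInfo lengths for 1024/2048/4096-bit RSA keys.
    for bits, der_len in ((1024, 162), (2048, 294), (4096, 550)):
        r = key_response_size(owner, constructed_key_record(der_len))
        print(f"RSA-{bits}: query={r['query']}B response={r['response']}B "
              f"fits_512={r['fits_512']} ratio={r['ratio']}")
```
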

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html