Re: DNSSEC is NOT secure end to end

ietf

Re: DNSSEC is NOT secure end to end

2009-06-05 23:05:38

Shane Kerr wrote:

I think we all understand that it is possible to inject bad data into
the DNS at the parent.

I "the parent" in the same sense as in RFC 1034 - the delegating level.
So, for EXAMPLE.COM this would be COM.


If you mean COM zone, it is not necessary to inject any data into
the zone.

You, instead, can inject a forged certificate into some cache used
by your victim.

It will be extremely easy if people are deceived that DNSSEC were
so secure that no proteciton on cache were necessary.

                                                        Masataka Ohta


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DNSSEC is NOT secure end to end (more tutorial than debating), (continued) Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta Re: DNSSEC is NOT secure end to end (more tutorial than debating), Andrew Sullivan Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta DNSSEC was never designed for transport end to end security, Bill Manning DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Shane Kerr Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Shane Kerr Re: DNSSEC is NOT secure end to end, Masataka Ohta <= Re: DNSSEC is NOT secure end to end, Shane Kerr Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: [Asrg] DNSSEC is NOT secure end to end, Paul Wouters Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Bill Manning Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Marc Manthey Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Andrew Sullivan Re: DNSSEC is NOT secure end to end, Simon Josefsson

Previous by Date:	Re: Last Call: draft-dawkins-nomcom-dont-wait (Nominating Committee Process: Earlier Announcement of Open Positions and Solicitation of Volunteers) to BCP, Russ Housley
Next by Date:	Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta
Previous by Thread:	Re: DNSSEC is NOT secure end to end, Shane Kerr
Next by Thread:	Re: DNSSEC is NOT secure end to end, Shane Kerr
Indexes:	[Date] [Thread] [Top] [All Lists]