Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical R

ietf-asrg

Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review

2009-05-29 15:06:58

* Douglas Otis:

Just using TCP would prevent most of the DNS poisoning attacks that
Amir's paper reports.


TCP is prone to DDoS attack.


Only when implemented naively.  If the client does not split the query
into two packets or artificially lowers the window size, you can
answer it without creating any state.

The argument against TCP is not the protocol.  It's just that you have
to upgrade both authoritative servers and resolvers to make it work
well.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DNS over SCTP, (continued) Re: DNS over SCTP, David Conrad Re: DNS over SCTP, Masataka Ohta Re: DNS over SCTP, Alessandro Vesely Re: DNS over SCTP, Michael Tüxen Re: DNS over SCTP, Francis Dupont Re: DNS over SCTP, Douglas Otis Re: DNS over SCTP, Francis Dupont Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: [Asrg] DNS over SCTP (was: Re: DNS-based Email Sender Authentication Mechanisms: a Critical Review, SM Re: DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review, Francis Dupont Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Florian Weimer <= Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Douglas Otis Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Florian Weimer Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, John Leslie Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Amir Herzberg Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Douglas Otis Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Amir Herzberg Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Douglas Otis Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Jose-Marcio Martins da Cruz Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Chris Lewis Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Jose-Marcio Martins da Cruz

Previous by Date:	Re: DNS over SCTP, David Conrad
Next by Date:	Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Douglas Otis
Previous by Thread:	Re: DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review, Francis Dupont
Next by Thread:	Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review, Douglas Otis
Indexes:	[Date] [Thread] [Top] [All Lists]