Ohta-san,
On Sat, 2009-06-06 at 12:04 +0900, Masataka Ohta wrote:
Shane Kerr wrote:
I think we all understand that it is possible to inject bad data into
the DNS at the parent.
I "the parent" in the same sense as in RFC 1034 - the delegating level.
So, for EXAMPLE.COM this would be COM.
If you mean COM zone, it is not necessary to inject any data into
the zone.
You, instead, can inject a forged certificate into some cache used
by your victim.
You said transport security can help. How can it in this case?
Also, how can you create a forged certificate?
--
Shane
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf