Re: DNSSEC is NOT secure end to end

ietf

Re: DNSSEC is NOT secure end to end

2009-06-08 15:37:24

Ohta-san,

On Sat, 2009-06-06 at 12:04 +0900, Masataka Ohta wrote:

Shane Kerr wrote:

I think we all understand that it is possible to inject bad data into
the DNS at the parent.

I "the parent" in the same sense as in RFC 1034 - the delegating level.
So, for EXAMPLE.COM this would be COM.


If you mean COM zone, it is not necessary to inject any data into
the zone.

You, instead, can inject a forged certificate into some cache used
by your victim.


You said transport security can help. How can it in this case?


Also, how can you create a forged certificate?

--
Shane


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DNSSEC is NOT secure end to end (more tutorial than debating), (continued) Re: DNSSEC is NOT secure end to end (more tutorial than debating), Andrew Sullivan Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta Re: DNSSEC is NOT secure end to end (more tutorial than debating), Mark Andrews Re: DNSSEC is NOT secure end to end (more tutorial than debating), Masataka Ohta DNSSEC was never designed for transport end to end security, Bill Manning DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Shane Kerr Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Shane Kerr Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Shane Kerr <= Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: [Asrg] DNSSEC is NOT secure end to end, Paul Wouters Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Bill Manning Re: [Asrg] DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Marc Manthey Re: DNSSEC is NOT secure end to end, Masataka Ohta Re: DNSSEC is NOT secure end to end, Andrew Sullivan Re: DNSSEC is NOT secure end to end, Simon Josefsson Re: DNSSEC is NOT secure end to end, Mans Nilsson

Previous by Date:	Re: [OPSAWG] Last Call: draft-ietf-opsawg-operations-and-management(Guidelines for Considering Operations and Management of NewProtocols and Protocol Extensions) to BCP, Juergen Schoenwaelder
Next by Date:	Re: Gen-ART LC Review of draft-ietf-geopriv-http-location-delivery-14.txt, Bernard Aboba
Previous by Thread:	Re: DNSSEC is NOT secure end to end, Masataka Ohta
Next by Thread:	Re: DNSSEC is NOT secure end to end, Masataka Ohta
Indexes:	[Date] [Thread] [Top] [All Lists]