> From: Masataka Ohta
<mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp>
>> What DNSsec will provide is ... data origin authentication and data
>> integrity protection.
> That is already offered with plain old DNS with UDP checksum, cookie
> and return routability, though UDP checksum is optional and cookie of
> message ID is a little bit too short.
??? There is clearly something here I don't understand.
How does the UDP checksum plus a cookie (nonce) protect against a MITM attack,
on the path from the server back to the querying entity?
Noel
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf