
Re: Last Call: RFC 6346 successful: moving to Proposed Standard

2014-12-04 10:44:28
On 2014-12-4, at 17:28, Andrew Sullivan <ajs(_at_)anvilwalrusden(_dot_)com> wrote:

> In addition, I agree with the remarks elsewhere in the thread that
> reducing the number of ports available to clients reduces their
> resilience to certain kinds of DNS attacks.  I'm aware that someone
> offers an alternative mechanism elsewhere in this thread, but that is
> not yet standardized or widely deployed, so it is not an answer today.

And it's not only DNS that is being attacked; that attack just happened to be 
widely publicized. (For example, BGP sessions have been the target of TCP RST 
attacks.) Port randomization is a generally useful technique, which is why we 
did RFC 6056, the effectiveness of which is reduced by A+P.

Lars
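As an added illustration (not part of Lars's message or the thread), the following Python models the point above: A+P hands each subscriber only a slice of one address's port space, which shrinks the search space that RFC 6056 port randomization relies on, for both blind DNS-style guessing and blind TCP RST attacks on long-lived sessions. Every parameter (sharing ratios, window size, the port ranges) is a constructed assumption.

```python
import math

# Constructed parameters for illustration only (not figures from the thread).
PORT_SPACE = 65536             # all TCP/UDP ports of one IPv4 address
FULL_RANGE = 65535 - 1024 + 1  # 64512 ports a non-shared host can randomize over

def ports_per_subscriber(sharing_ratio, total_ports=PORT_SPACE):
    """Ports left to each subscriber when A+P splits one address sharing_ratio ways."""
    if sharing_ratio < 1:
        raise ValueError("sharing ratio must be >= 1")
    return total_ports // sharing_ratio

def port_entropy_bits(range_size):
    """Bits of unpredictability in a port drawn uniformly from range_size ports."""
    return math.log2(range_size)

def guesses_for_probability(range_size, p):
    """Distinct blind port guesses needed to hit the port in use with probability p."""
    if not 0 < p <= 1:
        raise ValueError("p must be in (0, 1]")
    return math.ceil(p * range_size)

def expected_blind_rst_packets(range_size, window=65535):
    """Expected independent random spoofed RSTs to tear down a long-lived TCP session
    (e.g. BGP) when the attacker knows both addresses and the server port but must guess
    the client port and land a sequence number inside a receive window of `window` bytes.
    This is the pre-RFC 5961 acceptance model; RFC 5961 challenge ACKs change it."""
    success_per_packet = (1 / range_size) * (window / 2 ** 32)
    return 1 / success_per_packet

def compare(sharing_ratios=(1, 4, 16, 64, 256)):
    """Tabulate how each A+P sharing ratio shrinks the randomized-port search space.
    Ratio 1 is the unshared case, conventionally avoiding the 1024 well-known ports."""
    rows = []
    for r in sharing_ratios:
        size = FULL_RANGE if r == 1 else ports_per_subscriber(r)
        rows.append({
            "sharing_ratio": r,
            "ports": size,
            "entropy_bits": round(port_entropy_bits(size), 2),
            "guesses_for_50pct": guesses_for_probability(size, 0.5),
            "expected_rst_packets": round(expected_blind_rst_packets(size)),
        })
    return rows

if __name__ == "__main__":
    for row in compare():
        print(row)
```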
