ietf

Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard

2015-02-27 04:06:07

On 27 Feb 2015, at 10:56, Eliot Lear <lear(_at_)cisco(_dot_)com> wrote:

> Given a slightly modified example from your document:
>
>   $ORIGIN example.net.
>   _http._web    IN URI 10 1 "httpS://www.example.com/"
>
> If the intent here is to declare an equivalence between
> http://example.com and https://www.example.com the problem is that
> absent DNSSEC one is subject to a downgrade attack.  Thus a browser
> cannot trust the equivalence.

Absolutely!

I get that, completely.

I wanted to know what is so special about URI that SRV and MX do _not_ have.

I was surprised I was coming up with some _NEW_ attack vector.

   Patrik
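
Added example, not part of the original message or of the draft: a sketch of the client-side consequence discussed in this thread, where a URI record is honoured only when the answer was DNSSEC-validated. The function names, the `dnssec_validated` flag, the second sample record and the rule against moving from https to a cleartext scheme are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the record quoted in the message plus a second,
# lower-preference record added here for illustration.
SAMPLE_ZONE = """\
$ORIGIN example.net.
_http._web    IN URI 10 1 "httpS://www.example.com/"
_http._web    IN URI 20 1 "http://backup.example.com/"
"""

# owner, class IN, type URI, priority, weight, quoted target
URI_RR = re.compile(r'^(\S+)\s+IN\s+URI\s+(\d+)\s+(\d+)\s+"([^"]*)"$')


def parse_uri_rrs(zone_text):
    """Return (owner, priority, weight, target) for every URI RR line."""
    records = []
    for line in zone_text.splitlines():
        m = URI_RR.match(line.strip())
        if m:
            owner, priority, weight, target = m.groups()
            records.append((owner, int(priority), int(weight), target))
    return records


def choose_url(original_url, records, dnssec_validated):
    """Hypothetical client policy: which URL to use after a URI RR lookup."""
    # Without DNSSEC the answer may have been forged or suppressed on path,
    # so the record cannot be treated as an equivalence.
    if not dnssec_validated or not records:
        return original_url
    # Lowest priority value is preferred; weighted selection among equal
    # priorities is omitted here, the first such record wins.
    _, _, _, target = min(records, key=lambda r: r[1])
    # Assumption of this example: even a validated record must not move the
    # client from https to a cleartext scheme.
    if urlsplit(original_url).scheme == "https" and urlsplit(target).scheme != "https":
        return original_url
    return target


if __name__ == "__main__":
    rrs = parse_uri_rrs(SAMPLE_ZONE)
    print(choose_url("http://example.com/", rrs, dnssec_validated=False))
    print(choose_url("http://example.com/", rrs, dnssec_validated=True))
```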
