[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DNSSEC - Signature Only vs the MX/A issue.

To: Mike StJohns <Mike.StJohns@nominum.com>
Subject: Re: DNSSEC - Signature Only vs the MX/A issue.
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Date: Tue, 28 Nov 2006 14:58:06 +0100
Cc: namedroppers@ops.ietf.org
Delivery-date: Tue, 28 Nov 2006 14:02:35 +0000
Envelope-to: namedroppers-data@psg.com
Organization: NIC France
User-agent: Mutt/1.5.13 (2006-08-11)

On Sun, Nov 26, 2006 at 10:26:55PM -0500,
 Mike StJohns <Mike.StJohns@nominum.com> wrote 
 a message of 51 lines which said:

> I chatted briefly with John Klensin about deprecating this MX/A
> alternate in the next revision to RFC2821 - comments on whether this
> is a reasonable approach?

Unfortunately, there are other records that are vulnerable to this
attack (SRV, NAPTR), not just MX.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Prev by Date: Re: DNSSEC - Signature Only vs the MX/A issue.
Next by Date: Re: DNSSEC - Off-tree signatures
Previous by thread: Re: DNSSEC - Signature Only vs the MX/A issue.
Next by thread: Re: DNSSEC - Signature Only vs the MX/A issue.
Index(es):
- Date
- Thread