[Full-disclosure] DNS spoofing issue. Thoughts on
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Jul 30 16:29:53 BST 2008
On Sun, 27 Jul 2008 14:07:03 EDT, Glenn.Everhart at chase.com said:
> The need for something more like ssl certs in there remains
It's called DNSSEC, which has been out for a decade and more.
> (Also needed for bgp I suspect).
RFC2385 (TCP MD5 protection for BGP) addresses most of the issues, at least
on a peer-to-peer basis, and has been out for a decade. There's a discussion
of the issues in RFC5123.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080730/892ccb16/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.