W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2010

issue 202, was: Security considerations for DNS rebinding

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 09 Feb 2010 14:54:58 +0100
Message-ID: <4B716932.4020908@gmx.de>
To: Maciej Stachowiak <mjs@apple.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Maciej Stachowiak wrote:
> Hello HTTP WG,
> 
> A discussion of DNS Spoofing and DNS Rebinding came up on the W3C Web Apps Working Group. Someone pointed out the RFC2616 Security Considerations subsection on DNS Spoofing. This led me to notice that RFC2616 and the latest HTTPbis internet drafts not only lack a mention of DNS rebinding in their security considerations, but actually have requirements that increase the risk of DNS spoofing.
> ...

Recorded as <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/202>.

(Thanks, Maciej)
Received on Tuesday, 9 February 2010 13:55:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:16 GMT