Re: issue 202, was: Security considerations for DNS rebinding

... which is a duplicate of <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/100>. :)


On 10/02/2010, at 12:54 AM, Julian Reschke wrote:

> Maciej Stachowiak wrote:
>> Hello HTTP WG,
>> A discussion of DNS Spoofing and DNS Rebinding came up on the W3C Web Apps Working Group. Someone pointed out the RFC2616 Security Considerations subsection on DNS Spoofing. This led me to notice that RFC2616 and the latest HTTPbis internet drafts not only lack a mention of DNS rebinding in their security considerations, but actually have requirements that increase the risk of DNS spoofing.
>> ...
> 
> Recorded as <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/202>.
> 
> (Thanks, Maciej)
> 


--
Mark Nottingham     http://www.mnot.net/

Received on Tuesday, 9 February 2010 20:38:40 UTC