Re: issue 202, was: Security considerations for DNS rebinding

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 10 Feb 2010 07:38:07 +1100
Cc: Maciej Stachowiak <mjs@apple.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <E7E3DA79-8C27-4014-9095-99490C64E9B8@mnot.net>
To: Julian Reschke <julian.reschke@gmx.de>
... which is a duplicate of <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/100>. :)


On 10/02/2010, at 12:54 AM, Julian Reschke wrote:

> Maciej Stachowiak wrote:
>> Hello HTTP WG,
>> A discussion of DNS Spoofing and DNS Rebinding came up on the W3C Web Apps Working Group. Someone pointed out the RFC2616 Security Considerations subsection on DNS Spoofing. This led me to notice that RFC2616 and the latest HTTPbis internet drafts not only lack a mention of DNS rebinding in their security considerations, but actually have requirements that increase the risk of DNS spoofing.
>> ...
> 
> Recorded as <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/202>.
> 
> (Thanks, Maciej)
> 


--
Mark Nottingham     http://www.mnot.net/
Received on Tuesday, 9 February 2010 20:38:40 GMT
