Re: #100: DNS Spoofing / Rebinding

From: Mark Nottingham <mnot@mnot.net>
Date: Sat, 30 Jul 2011 07:48:04 -0700
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Lisa Dusseault <lisa.dusseault@gmail.com>
Message-Id: <D305D448-217C-43D5-9AE6-74DB3A598E7A@mnot.net>
To: Henrik Nordström <henrik@henriknordstrom.net>

Thanks, Henrik.

On 29/07/2011, at 4:12 PM, Henrik Nordström wrote:

> So here is another proposal. Shorten and rewrite p1 4.2 as follows
> 
>        Clients using HTTP rely heavily on the Domain Name Service, and
>        are thus generally prone to security attacks based on the
>        deliberate misassociation of IP addresses and DNS names not
>        protected by DNSSec. Clients need to be cautious in assuming the
>        validity of an IP number/DNS name association unless the
>        response is protected by DNSSec.


I like this one; others?

--
Mark Nottingham   http://www.mnot.net/
Received on Saturday, 30 July 2011 14:48:30 GMT
