- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 09 Feb 2010 14:54:58 +0100
- To: Maciej Stachowiak <mjs@apple.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Maciej Stachowiak wrote: > Hello HTTP WG, > > A discussion of DNS Spoofing and DNS Rebinding came up on the W3C Web Apps Working Group. Someone pointed out the RFC2616 Security Considerations subsection on DNS Spoofing. This led me to notice that RFC2616 and the latest HTTPbis internet drafts not only lack a mention of DNS rebinding in their security considerations, but actually have requirements that increase the risk of DNS spoofing. > ... Recorded as <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/202>. (Thanks, Maciej)
Received on Tuesday, 9 February 2010 13:55:34 UTC