- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 10 Feb 2010 07:38:07 +1100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Maciej Stachowiak <mjs@apple.com>, HTTP Working Group <ietf-http-wg@w3.org>
... which is a duplicate of <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/100>. :) On 10/02/2010, at 12:54 AM, Julian Reschke wrote: > Maciej Stachowiak wrote: >> Hello HTTP WG, >> A discussion of DNS Spoofing and DNS Rebinding came up on the W3C Web Apps Working Group. Someone pointed out the RFC2616 Security Considerations subsection on DNS Spoofing. This led me to notice that RFC2616 and the latest HTTPbis internet drafts not only lack a mention of DNS rebinding in their security considerations, but actually have requirements that increase the risk of DNS spoofing. >> ... > > Recorded as <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/202>. > > (Thanks, Maciej) > -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 9 February 2010 20:38:40 UTC