#100: DNS Spoofing / Rebinding

<http://trac.tools.ietf.org/wg/httpbis/trac/ticket/100>

We've had this ticket open for a while now.

Relevant text in our current draft:
  <http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-15#section-11.4>

AIUI DNS pinning is no longer considered an adequate defence against rebinding, and the current advice is for servers to verify the Host header.

If that's correct, I think we can close this issue with no change.

Thoughts? We should also probably circulate with some security folk.


--
Mark Nottingham   http://www.mnot.net/

Received on Sunday, 17 July 2011 01:34:29 UTC
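
The Host header verification mentioned in the message above, as an added example that is not part of the original post or of the httpbis draft. In a rebinding attack the browser still sends the attacker's hostname in Host, so a server that only answers for its own names rejects the request. `ALLOWED_HOSTS`, the function names, and the choice of 400 for a mismatch are assumptions made for illustration.

```python
import re

# Constructed allowlist: the (host, port) pairs this server is really reached by.
ALLOWED_HOSTS = {
    ("intranet.example", 80),
    ("intranet.example", 8080),
    ("127.0.0.1", 8080),
}

# host[:port]; host is a DNS name / IPv4 literal or a bracketed IPv6 literal.
_HOST_RE = re.compile(r"(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::([0-9]{1,5}))?")


def parse_host(value, default_port=80):
    """Return (host, port) normalised for comparison, or None if malformed."""
    m = _HOST_RE.fullmatch(value.strip())
    if m is None:
        return None
    host = m.group(1).lower()          # DNS names compare case-insensitively
    if not host.startswith("["):
        host = host.rstrip(".")        # "name." and "name" are the same name
    if not host:
        return None
    port = int(m.group(2)) if m.group(2) else default_port
    if not 0 < port <= 65535:
        return None
    return host, port


def check_request(host_headers, default_port=80):
    """Return the status to send: 200 if Host names this server, else 400.

    host_headers is the list of every Host field value in the request.
    """
    if len(host_headers) != 1:         # missing or repeated Host field
        return 400
    parsed = parse_host(host_headers[0], default_port)
    if parsed is None or parsed not in ALLOWED_HOSTS:
        return 400                     # rebinding requests end up here
    return 200
```

The comparison is against an explicit set of names rather than a suffix or substring match, so a lookalike such as `intranet.example.attacker.example` does not pass.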