Paul Hoffman wrote:
> Paul's "no" (which I agree with) shows what might be a fatal flaw in
> draft-muks-dnsop-dns-message-checksums: an attacker just needs to send
> fragments that look like they say "I don't understand the new EDNS0
> option". Does that make sense?

well, that was my reasoning for not including end to end checksumming in
EDNS0 itself (as a fixed field.)

-- 
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
