At Tue, 10 May 2016 15:04:56 +0200,
Stephane Bortzmeyer <bortzme...@nic.fr> wrote:

> >   This is true, but I suspect it would be pretty easy for this type
> >   of attacker to circumvent the effect if and when the nxdomain-cut
> >   behavior is more widely deployed.  An attacker for the '.wf' zone
> >   would simply send random junk query <random>.wf instead of
> >   <random>.dafa888.wf.  So I think the mitigation effect in this
> >   sense is quite limited.
>
> Speaking of that, I have a philosophical question. Attackers in the
> real world (not in labs or in security conferences, where researchers
> try to impress their peers with clever hacks) are often
> unsophisticated. [...] Why do they
> continue to do so?

I don't know:-)  In any case, my comment on this was not to request a
particular change to the draft.  But I believe one with a decent
knowledge of DNS won't have to be particularly "clever" to have the
same question; you might want to add more discussion to answer (or at
least respond to) that question if we keep this topic in the draft.
It's up to you.

--
jinmei

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
