Ok, thanks.

Steve

On May 10, 2016, at 11:54 AM, 神明達哉 <jin...@wide.ad.jp> wrote:

> At Tue, 10 May 2016 15:04:56 +0200,
> Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
>
>>> This is true, but I suspect it would be pretty easy for this type
>>> of attacker to circumvent the effect if and when the nxdomain-cut
>>> behavior is more widely deployed. An attacker for the '.wf' zone
>>> would simply send random junk query <random>.wf instead of
>>> <random>.dafa888.wf. So I think the mitigation effect in this
>>> sense is quite limited.
>>
>> Speaking of that, I have a philosophical question. Attackers in the
>> real world (not in labs or in security conferences, where researchers
>> try to impress their peers with clever hacks) are often
>> unsophisticated. [...] Why do they
>> continue to do so?
>
> I don't know:-) In any case, my comment on this was not to request a
> particular change to the draft. But I believe one with a decent
> knowledge on DNS won't have to be particularly "clever" to have the
> same question, you might want to add more discussion to answer (or at
> least respond to) that question if we keep this topic in the draft.
> It's up to you.
>
> --
> jinmei
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop