For the record, I already stated my consent with publishing this doc in: http://darkwing.uoregon.edu/~llynch/dnsop/msg03897.html
Given the title, the history and the purpose of this draft (remember the attacks launched at the beginning of this year?), vulnerability of othersystems or server types to (becoming an accomplice in) reflection oramplification attacks and their specific counter measures is out of scopefor this particular document.
Personally I'd welcome any idea that would describe how to protect authoritative servers too. I am not sure if there are solutions in the 'DNS operational' realm. There may be milage in protocol modifications like Donald Eastlake's proposed cookies.
But I agree with keeping the issue out of scope for this document. --Olaf ----------------------------------------------------------- Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/
PGP.sig
Description: This is a digitally signed message part
