On Thu, Nov 09, 2006 at 01:51:23PM +0200, Pekka Savola <[EMAIL PROTECTED]> wrote a message of 22 lines which said:
> My comments from July 7 have not been addressed or responded; it
> seems these are still relevant in the -02 version.

Let's see them:

1) The attacker could just use whatever 3rd party DNS records that already exist, right?

I replied to it (the variant you describe is possible but does not seem to be the main concern right now).

2) If the attacker always used its own LRECORDs, the attack would be traceable just by looking at who owns the zone, right? But as the attacker may also use 2rd party LRECORDs, the owner of LRECORD doesn't help in figuring out who was responsible for the attack.

Correct. But, in practice, it may be difficult to find the "owner" of mysubsubzone.subzone.zone.example.

3) I'd also add reference to BCP84

It seems OK.

So, I would say that your comments are valid but should not block the document. As it is, it describes the *current* problem, and may be completed in the future by a more general document.
