On Thu, 9 Nov 2006, Stephane Bortzmeyer wrote: > 1) The attacker could just use whatever 3rd party DNS records that > already exist, right? > > I replied to it (the variant you describe is possible but does not > seem to be the main concern right now).
Yes, I saw that, but I believe whether it's the main concern or not is irrelevant -- the question to ask should be, "is this variation of attack relevant to the scope of the document?" Unless this, as well, gets ruled out of scope in the document, I believe the answer is "yes". -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
