On Mon, Nov 13, 2006 at 10:15:07PM -0800, Douglas Otis wrote: > domain. His issue only distracts from the SPF concern. Any remedy to > resolve an NS chaining exploit raised by William, if there is an > exploit, is completely orthogonal to the problem raised by the SPF > script.
Well, maybe. I'm not sure this conclusion follows from what you said, actually, because it seems to me that the _kind_ of vulnerability would be the same in any case. This is what I took Olaf Kolkman to mean when he said that this is an architectural issue (I'm sure he'll correct me if I misunderstood). > to the attacker makes SPF scripts dangerous and inviting. This WG > should be able to express meaningful concerns about the state of this > experimental RFC. So, if I understand correctly, the last sentence there is what your response is to my question? If so, it seems to represent a different answer than any of the candidate ones I proposed. This one, if I read you right, is 6. There is a specific issue here, and it needs to be addressed in the particular case, and not the general one. Is that correct? A -- Andrew Sullivan 204-4141 Yonge Street Afilias Canada Toronto, Ontario Canada <[EMAIL PROTECTED]> M2P 2A8 jabber: [EMAIL PROTECTED] +1 416 646 3304 x4110 . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
