[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Re: question about dns trust profile
On 2/5/09, Peter Davis <peter.davis@neustar.biz> wrote: > True, but no more so than an A record attack on the DNS for almost every > resource we have. They real test, IFAIC, is a trust in the signature keys. > Anything else is liable to introduce attacks. I think the attack exists even with trust in the signature keys. Consider this: Same key is used to sign two documents, A and B. Legitimate DNS entry specifies that resource X maps to document A. Spoofed DNS entry specifies that resource X maps to document B.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]