OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xri] Re: question about dns trust profile

On 2/5/09, Peter Davis <peter.davis@neustar.biz> wrote:
>  True, but no more so than an A record attack on the DNS for almost every
> resource we have.  They real test, IFAIC, is a trust in the signature keys.
> Anything else is liable to introduce attacks.

I think the attack exists even with trust in the signature keys.  Consider this:

Same key is used to sign two documents, A and B.
Legitimate DNS entry specifies that resource X maps to document A.
Spoofed DNS entry specifies that resource X maps to document B.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]