I-D Action:draft-weaver-dnsext-fr-comprehensive-00.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : Comprehensive DNS Resolver Defenses Against Cache Poisoning
	Author(s)       : N. Weaver
	Filename        : draft-weaver-dnsext-fr-comprehensive-00.txt
	Pages           : 20
	Date            : 2008-09-30

DNS resolvers are vulnerable to many attacks on their network
communication, ranging from blind attacks to full men-in-the-middle.
Although a full man-in-the-middle can only be countered with
cryptography, there are many layers of defenses which apply to less
powerful attackers.  Of particular interest are defenses which only
require changing the DNS resolvers, not the authoritative servers or
the DNS protocols.  This document begins with a taxonomy of attacker
capabilities and desires, and then discusses defenses against classes
of attackers, including detecting non-disruptive attacks, entropy
budgeting, detecting entropy stripping, semantics of duplication, and
cache policies to eliminate "race-until-win" conditions.  Proposed
defenses were evaluated with traces of network behavior.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-weaver-dnsext-fr-comprehensive-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-weaver-dnsext-fr-comprehensive-00.txt>
_______________________________________________

I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux