A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title : Comprehensive DNS Resolver Defenses Against Cache Poisoning
Author(s) : N. Weaver
Filename : draft-weaver-dnsext-comprehensive-resolver-00.txt
Pages : 20
Date : 2008-09-30

DNS resolvers are vulnerable to many attacks on their network
communication, ranging from blind attacks to full men-in-the-middle.
Although a full man-in-the-middle can only be countered with
cryptography, there are many layers of defenses which apply to less
powerful attackers. Of particular interest are defenses which only
require changing the DNS resolvers, not the authoritative servers or
the DNS protocols. This document begins with a taxonomy of attacker
capabilities and desires, and then discusses defenses against classes
of attackers, including detecting non-disruptive attacks, entropy
budgeting, detecting entropy stripping, semantics of duplication, and
cache policies to eliminate "race-until-win" conditions. Proposed
defenses were evaluated with traces of network behavior.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-weaver-dnsext-comprehensive-resolver-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt