Ohta-san, On Sat, 2009-06-06 at 12:04 +0900, Masataka Ohta wrote: > Shane Kerr wrote: > > >>>I think we all understand that it is possible to inject bad data into > >>>the DNS at the parent. > > > I "the parent" in the same sense as in RFC 1034 - the delegating level. > > So, for EXAMPLE.COM this would be COM. > > If you mean COM zone, it is not necessary to inject any data into > the zone. > > You, instead, can inject a forged certificate into some cache used > by your victim. You said transport security can help. How can it in this case? Also, how can you create a forged certificate? -- Shane _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf