On Thu Nov 26 09:28:41 2009, W.C.A. Wijngaards wrote:
> * It may be prudent to have in conflict resolution a line that says that
> if repeated conflicted announcements of unique records are observed by
> another host, then the host SHOULD consider itself to have lost (and
> rename itself). Or put differently: if a particular host on the network
> keeps causing conflicts, get out of the way, even if the spec says you
> should have won, because this avoids packet-chatter on the network.
Wouldn't this lead to a potential attack by deliberately introducing
a conflict and taking over a name? Currently, it's possible to take
over a name by advertising, for example, an A record for a name with
a higher IP address - since you can easily advertise a name with an
arbitrarily high IP address, this is fairly easy to do, but it'd be
far simpler just to ignore the probe protocol entirely, as that leads
to a more seamless takeover of a particular name in most
circumstances.
Of course, DNSSEC might help here, but presumes that either a
participant has the ability to sign RRs online, or else is a silent
partner with a preconfigured trust anchor. (In general, I find the
comments in the document about DNSSEC somewhat hand-wavy, but I admit
I lack much knowledge about DNSSEC). Still, if all participants have
access to the private key for DNSSEC, that provides a significant
number of possible attack points, I'd have thought - I'm assuming
here that things like your network printer need to be configured with
the private key, which may not be the case.
Dave.
--
Dave Cridland - mailto:dave@xxxxxxxxxxxx - xmpp:dwd@xxxxxxxxxxxxxxxxx
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
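Added example, not from the thread and not code from the mDNS draft's authors: a passive monitor that replays a constructed capture of mDNS announcements and does two things the exchange above talks about. It applies the probe tie-break as written in the mDNS spec (RFC 6762 section 8.2: compare class with the cache-flush bit cleared, then type, then the raw rdata bytes lexicographically), which is why an A record carrying a numerically higher address wins; and it raises an alert when the same unique name is contested repeatedly inside a time window, which is the "keeps causing conflicts" pattern, seen from the defender's side rather than the host's. The window and threshold values, the `printer.local` name and the 192.168.1.x addresses are assumptions made up for the sample.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Record:
    """One resource record as seen in an mDNS announcement."""
    name: str
    rrtype: int    # 1 = A
    rrclass: int   # 1 = IN; bit 15 is the cache-flush bit
    rdata: bytes


def a_record(name: str, ip: str) -> Record:
    """Build an A record; rdata is the 4-byte network-order address."""
    return Record(name.lower(), 1, 1, ipaddress.IPv4Address(ip).packed)


def sort_key(r: Record):
    """Ordering used by the probe tie-break (RFC 6762 s.8.2): class with the
    cache-flush bit cleared, then type, then raw rdata bytes, lexicographic."""
    return (r.rrclass & 0x7FFF, r.rrtype, r.rdata)


def tiebreak_winner(a: Record, b: Record) -> Record:
    """The lexicographically later record wins, so for A records the
    numerically higher address wins; this is the takeover lever Dave names."""
    return a if sort_key(a) >= sort_key(b) else b


@dataclass(frozen=True)
class Observation:
    t: float      # seconds on the capture clock
    src: str      # address the announcement was sent from
    record: Record


class ConflictMonitor:
    """Tracks which source claims each unique name and alerts when a name is
    contested repeatedly inside a window. Window/threshold are assumed tunables."""

    def __init__(self, window: float = 60.0, threshold: int = 3):
        self.window = window
        self.threshold = threshold
        self.claims = defaultdict(dict)      # name -> {src: Record}
        self.conflicts = defaultdict(deque)  # name -> timestamps of conflicts
        self.alerts = []

    def observe(self, obs: Observation) -> Optional[dict]:
        name = obs.record.name
        claims = self.claims[name]
        # A conflict is a *different* source announcing the same unique name
        # with different rdata; a host re-announcing its own record is not one.
        rivals = {s: r for s, r in claims.items()
                  if s != obs.src and r.rdata != obs.record.rdata}
        claims[obs.src] = obs.record
        if not rivals:
            return None
        q = self.conflicts[name]
        q.append(obs.t)
        while q and obs.t - q[0] > self.window:   # drop conflicts outside the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        # Report which claimant the spec's tie-break would favour, so an analyst
        # can see whether the "winner" is the one that keeps forcing conflicts.
        best_src, best_rec = obs.src, obs.record
        for s, r in rivals.items():
            if tiebreak_winner(best_rec, r) is r:
                best_src, best_rec = s, r
        alert = {"name": name, "t": obs.t, "conflicts": len(q),
                 "claimants": sorted(claims), "spec_winner": best_src}
        self.alerts.append(alert)
        return alert


def replay(observations, window: float = 60.0, threshold: int = 3) -> list:
    """Feed a list of observations through a fresh monitor; return its alerts."""
    mon = ConflictMonitor(window, threshold)
    for o in observations:
        mon.observe(o)
    return mon.alerts


# Constructed sample: the printer at .20 holds the name, a second host at .200
# keeps re-announcing the same name, and the printer keeps re-asserting it.
SAMPLE = [
    Observation(0.0, "192.168.1.20", a_record("printer.local", "192.168.1.20")),
    Observation(5.0, "192.168.1.200", a_record("printer.local", "192.168.1.200")),
    Observation(7.0, "192.168.1.20", a_record("printer.local", "192.168.1.20")),
    Observation(12.0, "192.168.1.200", a_record("printer.local", "192.168.1.200")),
    Observation(14.0, "192.168.1.20", a_record("printer.local", "192.168.1.20")),
    Observation(20.0, "192.168.1.200", a_record("printer.local", "192.168.1.200")),
]

if __name__ == "__main__":
    for a in replay(SAMPLE):
        print(a)
```

Two things worth noticing when running it: the tie-break compares rdata as bytes, not as dotted strings, so `10.0.0.10` beats `10.0.0.9` even though the string sorts the other way; and the alert records the claimant the spec would favour, which is exactly the host that the "give up if you keep conflicting" heuristic would otherwise hand the name to. The monitor never sends anything, so it can sit on a mirror port and simply count.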