> From: Masataka Ohta <mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx>

>> What DNSsec will provide is ... data origin authentication and data
>> integrity protection.

> That is already offered with plain old DNS with UDP checksum, cookie
> and return routability, though UDP checksum is optional and cookie of
> message ID is a little bit too short.

???

There is clearly something here I don't understand. How does the UDP
checksum plus a cookie (nonce) protect against a MITM attack, on the path
from the server back to the querying entity?

Noel