[dnssec-deployment] change "real threats" slide
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Mon Oct 18 11:40:53 EDT 2004
On Mon, Oct 18, 2004 at 11:30:39AM -0400, Rob Austein wrote:
> sam pointed out another plausible "real threat" for an ops audience:
> use of the reverse tree for logging, traceroute, etc.
warning - more inchoherant rants from bill
while i think ther are real reasons fro focusing on the reverse map,
the real concern has to do w/ whats in the DNS that apps use.
violating the implied trust that the IP address represents
an end-system and not just a place in the topology will cause
significant problems for logging - traceroute - SNMP/MIBS
et.al. doing post-mortim work on attacks is deeply immerssed
in the idea tht the IP address is inviolate -
won't even touch the possible integration of DNS data in the
reverse maps with routing data - if not in real time, in the RAbd
or the rest of the IRR ilk.
--bill
More information about the Dnssec-deployment
mailing list