Evaluation: draft-ietf-dnsext-ad-is-secure
Jeff Schiller [ ] [ ] [ X ] [ ]
Since Jeff voted on this document, I contacted him about his concerns.
Jeff feels that the applicability statement in section 4 should really
re-emphasize the last paragraph of section 3, making it clear that even if
an organization decides to trust a certain DNS server, software should only
grant that trust if a secure transport can be negotiated. The proposed RFC
Editor note addresses this concern in a different way. It suggests that
the path must also be trusted.
I fear that implementors will trust the AD bit as meaning "secure" and
then not bother to protect the transport, which admits the possibility of
spoofing attacks. Therefore I propose an alternative paragraph for the RFC
Editor note:

    In the latter two cases, the end consumer must also completely
    trust the network path to the trusted resolvers or a secure
    transport is employed to protect the traffic.

Further, I suggest that the Security Considerations be expanded to
provide a discussion on how a secure transport can be provided. I would
think that DNSSEC and IPsec are obvious alternatives.
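
The rule discussed in this message, that software should treat the AD bit as meaningful only when the answer came from a trusted resolver over a protected path, sketched as an added example that is not part of the original message or the draft. The resolver address, the transport labels and all function names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

QR_FLAG = 0x8000  # response bit in the DNS header flags word
AD_FLAG = 0x0020  # Authentic Data bit

# Assumed local policy (hypothetical values): the resolvers the organization
# has chosen to trust, and the transports it considers protected.
TRUSTED_RESOLVERS = {"192.0.2.53"}
SECURE_TRANSPORTS = {"ipsec"}


@dataclass
class Verdict:
    ad_set: bool           # what the header claims
    treat_as_secure: bool  # what the consumer should conclude
    reason: str


def evaluate_ad(response: bytes, resolver_ip: str, transport: str) -> Verdict:
    """Decide whether the AD bit in a DNS response may be relied on."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags = struct.unpack("!HH", response[:4])
    if not flags & QR_FLAG:
        raise ValueError("message is a query, not a response")
    if not flags & AD_FLAG:
        return Verdict(False, False, "AD bit clear")
    if resolver_ip not in TRUSTED_RESOLVERS:
        return Verdict(True, False, "resolver is not on the trusted list")
    if transport not in SECURE_TRANSPORTS:
        # One header bit on an unprotected path can be set by anyone able
        # to spoof or modify the response, so the claim carries no weight.
        return Verdict(True, False, "path to resolver is unprotected")
    return Verdict(True, True, "trusted resolver over protected transport")


def sample_header(flags: int) -> bytes:
    """Constructed 12-byte DNS header for the demonstration below."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)


if __name__ == "__main__":
    with_ad = sample_header(0x81A0)  # QR, RD, RA and AD set
    for ip, transport in [("192.0.2.53", "ipsec"), ("192.0.2.53", "udp"),
                          ("198.51.100.1", "ipsec")]:
        print(ip, transport, evaluate_ad(with_ad, ip, transport))
```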