Attacking networks using DHCP, DNS - probably doesn't kill DNSSEC
Bill Sommerfeld
sommerfeld at orchard.arlington.ma.us
Sun Jun 29 13:30:30 EDT 2003
One key point though: even if DNSSEC was deployed from the root, and a
trusted copy of the root key was the client, the search path/default
domain must *also* come from a trusted source.
Currently, default domain/search path often comes from DHCP, and for
nomadic laptops where the relationship to the local network is often
casual at best, this is likely to be a mistake.
- Bill
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list