RFC 3833 Threat analysis of the domain name system (DNS)

Anne & Lynn Wheeler lynn at garlic.com
Wed Aug 25 18:13:08 EDT 2004 

as always ... can go to
http://www.garlic.com/~lynn/rfcietff.htm

and either scroll down the summary page to the 3833 summary and then 
retrieve the actual RFC by clicking on the ".txt=nnnn" field.

In this case it is also possible to click on "Term (term->RFC#)" in the 
"RFC's listed by" section ... and then click on "DNSSEC" in the acronym 
fastpath section at the top. That brings up the DNSSEC RFCs. ... where 
DNSSEC (and/or domain name security) appeared somewhere in the title or 
abstract.

as a side note, I've just done about everything possible that I can do with 
scanning actual RFCs for references. I did a pass ... where I created a 
list of all RFCs ... where the scan didn't produce RFC numbers from a 
reference section ... and then scanned those RFCs for anything that looked 
like there might be a RFC number anywhere in the body. Then I manually 
examined that list of RFCs for how they formated/called the references 
section. somewhat more detailed discussion of the references & md5 stuff:
http://www.garlic.com/~lynn/2004k.html#6






         RFC 3833
         Title:      Threat Analysis of the Domain Name System (DNS)
         Author(s):  D. Atkins, R. Austein
         Status:     Informational
         Date:       August 2004
         Mailbox:    derek at ihtfp.com, sra at isc.org
         Pages:      16
         Characters: 39303
         Updates/Obsoletes/SeeAlso:    None
         I-D Tag:    draft-ietf-dnsext-dns-threats-07.txt
         URL:        ftp://ftp.rfc-editor.org/in-notes/rfc3833.txt

Although the DNS Security Extensions (DNSSEC) have been under
development for most of the last decade, the IETF has never written
down the specific set of threats against which DNSSEC is designed to
protect.  Among other drawbacks, this cart-before-the-horse situation
has made it difficult to determine whether DNSSEC meets its design
goals, since its design goals are not well specified.  This note
attempts to document some of the known threats to the DNS, and, in
doing so, attempts to measure to what extent (if any) DNSSEC is a
useful tool in defending against these threats.




--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/ 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list