Threat Analysis of the Domain Name System (DNS)
RFC 3833
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2015-10-14
|
07 | (System) | Notify list changed from ,,, to |
|
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the No Objection position for Steven Bellovin |
|
2004-08-30
|
07 | Amy Vezza | State Changes to RFC Published from RFC Ed Queue by Amy Vezza |
|
2004-08-30
|
07 | Amy Vezza | [Note]: 'RFC 3833' added by Amy Vezza |
|
2004-08-24
|
07 | (System) | RFC published |
|
2004-04-23
|
07 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
|
2004-04-22
|
07 | Amy Vezza | IESG state changed to Approved-announcement sent |
|
2004-04-22
|
07 | Amy Vezza | IESG has approved the document |
|
2004-04-22
|
07 | Amy Vezza | Closed "Approve" ballot |
|
2004-04-22
|
07 | Amy Vezza | [Ballot Position Update] Position for Steve Bellovin has been changed to No Objection from Discuss by Amy Vezza |
|
2004-04-08
|
07 | Thomas Narten | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Thomas Narten |
|
2004-04-05
|
07 | (System) | New version available: draft-ietf-dnsext-dns-threats-07.txt |
|
2004-03-19
|
07 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
|
2004-03-19
|
07 | (System) | Removed from agenda for telechat - 2004-03-18 |
|
2004-03-18
|
07 | Steven Bellovin | [Ballot discuss] clarify rdata names |
|
2004-03-18
|
07 | Steven Bellovin | [Ballot Position Update] Position for Steve Bellovin has been changed to Discuss from Yes by Steve Bellovin |
|
2004-03-18
|
07 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen |
|
2004-03-18
|
07 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
|
2004-03-18
|
07 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
|
2004-03-18
|
07 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded for Jon Peterson by Jon Peterson |
|
2004-03-17
|
07 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens |
|
2004-03-17
|
07 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Undefined by Ted Hardie |
|
2004-03-17
|
07 | Ted Hardie | [Ballot Position Update] New position, Undefined, has been recorded for Ted Hardie by Ted Hardie |
|
2004-03-17
|
07 | Steven Bellovin | [Ballot comment] Perhaps the discussion of MX records should note that a fake MX record could be used to divert mail to an enemy site. … [Ballot comment] Perhaps the discussion of MX records should note that a fake MX record could be used to divert mail to an enemy site. Or maybe not, since mail that's sensitive should be encrypted anyway. The claim that only RRs with names in the RDATA are vulnerable is, I think, incorrect. A major cache contamination attack described described in [Bellovin95] inserted an A record to foil the cross-check on the name returned in an (enemy-generated) PTR record. Admittedly, this only affects people who do name-based authentication, but I do think it should be mentioned. (This is close to a DISCUSS, since it's an issue of technical accuracy, rather than style.) My style when writing something like this would be to add citations to the first published description when describing individual attacks. Your mileage may vary, and all of the important references are in the draft. |
|
2004-03-17
|
07 | Steven Bellovin | [Ballot Position Update] New position, Yes, has been recorded for Steve Bellovin by Steve Bellovin |
|
2004-03-15
|
07 | Allison Mankin | [Ballot Position Update] New position, Yes, has been recorded for Allison Mankin by Allison Mankin |
|
2004-03-15
|
07 | Harald Alvestrand | Comments from John Loughney, gen-ART reviewer: This document looks good, I think that even though DNSSEC has been under development for a long time, capturing … Comments from John Loughney, gen-ART reviewer: This document looks good, I think that even though DNSSEC has been under development for a long time, capturing the Threat Analysis is a good thing. I say ship it, I just have a few nit-picky comments. 1) Abstract: Among other drawbacks, this cart-before-the-horse situation -> The 'cart-before-the-horse' phrase may not be appropriate for an abstact. 2) Section 1: - While some participants in the meeting were interested in protecting against disclosure of DNS data to unauthorized parties, the design team made an explicit decision that "DNS data is `public'", and ruled all threats of data disclosure explicitly out of scope for DNSSEC. -> Change ` to ' character. 3) Section 2.1: Some of the simplest threats against DNS are various forms of packet interception: monkey-in-the-middle attacks, -> Are 'monkey-in-the-middle attacks' the same as man-in-the-middle attacks? If so, perhaps revise. If it is something else, perhaps a definition is needed. 4) Section 2.3, last paragraph: DNSSEC should provide a good defense against most (all?) variations -> What is the meaning of 'most (all?)'? Perhaps strike the (all?) or change to something like: DNSSEC should provide a good defense against most, if not all, variations 5) Update Copyright statement at the end of the document. |
|
2004-03-15
|
07 | Harald Alvestrand | [Ballot comment] Some editorial comments from John Loughney entered into the tracker log |
|
2004-03-15
|
07 | Harald Alvestrand | [Ballot Position Update] New position, No Objection, has been recorded for Harald Alvestrand by Harald Alvestrand |
|
2004-03-15
|
07 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley by Russ Housley |
|
2004-03-15
|
07 | Scott Hollenbeck | [Ballot Position Update] New position, No Objection, has been recorded for Scott Hollenbeck by Scott Hollenbeck |
|
2004-03-15
|
07 | Thomas Narten | [Ballot Position Update] New position, Yes, has been recorded for Thomas Narten |
|
2004-03-15
|
07 | Thomas Narten | Ballot has been issued by Thomas Narten |
|
2004-03-15
|
07 | Thomas Narten | Created "Approve" ballot |
|
2004-03-15
|
07 | (System) | Ballot writeup text was added |
|
2004-03-15
|
07 | (System) | Last call text was added |
|
2004-03-15
|
07 | (System) | Ballot approval text was added |
|
2004-03-15
|
07 | Thomas Narten | State Changes to IESG Evaluation from IESG Evaluation::Revised ID Needed by Thomas Narten |
|
2004-03-06
|
07 | Thomas Narten | Placed on agenda for telechat - 2004-03-18 by Thomas Narten |
|
2004-03-06
|
07 | Thomas Narten | [Note]: '2003-03-06: This document has been before the IESG before; this version addresses comments from smb, housley, and wijnen (from ops directorate). ' added by … [Note]: '2003-03-06: This document has been before the IESG before; this version addresses comments from smb, housley, and wijnen (from ops directorate). ' added by Thomas Narten |
|
2004-02-17
|
06 | (System) | New version available: draft-ietf-dnsext-dns-threats-06.txt |
|
2004-02-11
|
07 | Thomas Narten | 2004-02-05: From: Rob Austein To: Thomas Narten , Olaf Kolkman , =?ISO-8859-1?Q?=D3lafur_Gu=F0mundsson?= Cc: Derek Atkins Date: Thu, 05 Feb 2004 12:14:57 -0500 Subject: Re: … 2004-02-05: From: Rob Austein To: Thomas Narten , Olaf Kolkman , =?ISO-8859-1?Q?=D3lafur_Gu=F0mundsson?= Cc: Derek Atkins Date: Thu, 05 Feb 2004 12:14:57 -0500 Subject: Re: draft-ietf-dnsext-dns-threats-06 User-Agent: Wanderlust/2.10.1 (Watching The Wheels) Emacs/21.3 Mule/5.0 (SAKAKI) new development: derek and i just received some last minute comments from steve crocker. i've incorporated the no-brainers (spelling, etc), am chatting with him about the slightly more substantial ones. no showstoppers, just suggestions for improvement. i've updated the snapshot on www.hactrn.net. more later, time permitting. |
|
2004-02-11
|
07 | Thomas Narten | State Change Notice email list have been change to ,,, from |
|
2003-12-22
|
07 | Thomas Narten | [Note]: '2003-12-10: Rob acknowledges that he has everything he needs to rev document in response to IESG comments.' added by Thomas Narten |
|
2003-12-22
|
07 | Thomas Narten | 2003-12-10: Rob acknowledges that he has everything he needs to rev document in response to IESG comments. |
|
2003-12-04
|
07 | Amy Vezza | Removed from agenda for telechat - 2003-12-04 by Amy Vezza |
|
2003-12-04
|
07 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
|
2003-11-26
|
07 | Thomas Narten | State Changes to IESG Evaluation from AD Evaluation by Thomas Narten |
|
2003-11-26
|
07 | Thomas Narten | Placed on agenda for telechat - 2003-12-04 by Thomas Narten |
|
2003-11-26
|
07 | Thomas Narten | [Note]: 'Sent comments to authors. Some minor questions/comments, have asked if they want to respin or just forward to IESG.' has been cleared by Thomas … [Note]: 'Sent comments to authors. Some minor questions/comments, have asked if they want to respin or just forward to IESG.' has been cleared by Thomas Narten |
|
2003-11-24
|
05 | (System) | New version available: draft-ietf-dnsext-dns-threats-05.txt |
|
2003-10-27
|
04 | (System) | New version available: draft-ietf-dnsext-dns-threats-04.txt |
|
2003-08-25
|
07 | Thomas Narten | State Changes to AD Evaluation from Publication Requested by Thomas Narten |
|
2003-08-25
|
07 | Thomas Narten | Sent comments to authors. Some minor questions/comments, have asked if they want to respin or just forward to IESG. |
|
2003-08-19
|
07 | Natalia Syracuse | Draft Added by Natalia Syracuse |
|
2003-06-27
|
03 | (System) | New version available: draft-ietf-dnsext-dns-threats-03.txt |
|
2002-11-07
|
02 | (System) | New version available: draft-ietf-dnsext-dns-threats-02.txt |
|
2002-02-28
|
01 | (System) | New version available: draft-ietf-dnsext-dns-threats-01.txt |
|
2001-11-19
|
00 | (System) | New version available: draft-ietf-dnsext-dns-threats-00.txt |