Threat Analysis of the Domain Name System (DNS)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, dnsext mailing list <email@example.com>, dnsext chair <firstname.lastname@example.org> Subject: Document Action: 'Threat Analysis Of The Domain Name System' to Informational RFC The IESG has approved the following document: - 'Threat Analysis Of The Domain Name System ' <draft-ietf-dnsext-dns-threats-08.txt> as an Informational RFC This document is the product of the DNS Extensions Working Group. The IESG contact persons are Thomas Narten and Mark Townsley. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dns-threats-08.txt
Technical Summary Although the DNS Security Extensions (DNSSEC) have been under development for most of the last decade, the IETF has never written down the specific set of threats against which DNSSEC is designed to protect. Among other drawbacks, this cart-before-the-horse situation has made it difficult to determine whether DNSSEC meets its design goals, since its design goals are not well specified. This note attempts to document some of the known threats to the DNS, and, in doing so, attempts to measure to what extent (if any) DNSSEC is a useful tool in defending against these threats. Working Group Summary Protocol Quality This document has been reviewed for the IESG by Thomas Narten.