Input needed on DNSSEC for upcoming security advisory

["FORENSICS.ORG Security Coordinator" <secalert@forensics.org>]

[ post by non-subscriber.  with the massive amount of spam, it is easy to
  miss and therefore delete mis-posts.  so fix subscription addresses! ]

To Whom It May Interest:

A DNS-based security vulnerability exists that has not yet been disclosed
publicly. The vulnerability was discovered by a third party and
FORENSICS.ORG is acting in the capacity of COORDINATOR pursuant to the
Responsible Vulnerability Disclosure Process, referenced below:

http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-0
0.txt

We are in need of input from persons working with DNSSEC in connection with
the planned ADVISORY. Although DNSSEC will not completely solve this
particular problem, it is important to include details of the risk factors
that ARE mitigated partially when DNSSEC is employed. The most likely
security patch will involve mandatory updates to every resolver.

In order to discuss the technical details of the threat in a responsible
manner, it is necessary for us to disclose the vulnerability in full to a
small number of trustworthy individuals with expertise in certain subject
areas, DNSSEC being one of these areas.

If you are interested in contributing to the content of our forthcoming
ADVISORY, please contact us by Thursday, August 8th for consideration by our
team of your eligibility for early disclosure.

Thank you.

FORENSICS.ORG Security Coordinator




--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>