Input needed on DNSSEC for upcoming security advisory
"FORENSICS.ORG Security Coordinator" <secalert@forensics.org> Sat, 03 August 2002 00:29 UTC
From: "FORENSICS.ORG Security Coordinator" <secalert@forensics.org>
Subject: Input needed on DNSSEC for upcoming security advisory
Date: Fri, 02 Aug 2002 14:29:58 -1000
Lines: 40
Sender: owner-namedroppers@ops.ietf.org
References: <iluofckvrew.fsf@h133n1c1o299.bredband.skanova.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: dnssec@cafax.se
Return-path: <owner-namedroppers@ops.ietf.org>
In-Reply-To: <iluofckvrew.fsf@h133n1c1o299.bredband.skanova.com>
To: namedroppers@ops.ietf.org
Precedence: bulk
X-Message-ID:
Message-ID: <20140418071630.2560.17251.ARCHIVE@ietfa.amsl.com>
[ post by non-subscriber. with the massive amount of spam, it is easy to miss and therefore delete mis-posts. so fix subscription addresses! ] To Whom It May Interest: A DNS-based security vulnerability exists that has not yet been disclosed publicly. The vulnerability was discovered by a third party and FORENSICS.ORG is acting in the capacity of COORDINATOR pursuant to the Responsible Vulnerability Disclosure Process, referenced below: http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-0 0.txt We are in need of input from persons working with DNSSEC in connection with the planned ADVISORY. Although DNSSEC will not completely solve this particular problem, it is important to include details of the risk factors that ARE mitigated partially when DNSSEC is employed. The most likely security patch will involve mandatory updates to every resolver. In order to discuss the technical details of the threat in a responsible manner, it is necessary for us to disclose the vulnerability in full to a small number of trustworthy individuals with expertise in certain subject areas, DNSSEC being one of these areas. If you are interested in contributing to the content of our forthcoming ADVISORY, please contact us by Thursday, August 8th for consideration by our team of your eligibility for early disclosure. Thank you. FORENSICS.ORG Security Coordinator -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- Comment on draft-ietf-dnsext-dnssec-records Simon Josefsson
- Re: Comment on draft-ietf-dnsext-dnssec-records Matt Larson
- Input needed on DNSSEC for upcoming security adviā¦ FORENSICS.ORG Security Coordinator
- Re: Comment on draft-ietf-dnsext-dnssec-records Simon Josefsson
- Re: Comment on draft-ietf-dnsext-dnssec-records Edward Lewis