[saag] some of the papers mentioned in talk: DNS Cache-Poisoning: New Vulnerabilities and Implications
=JeffH <Jeff.Hodges@KingsMountain.com> Thu, 01 August 2013 11:25 UTC
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E16221E808F for <saag@ietfa.amsl.com>; Thu, 1 Aug 2013 04:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.82
X-Spam-Level:
X-Spam-Status: No, score=-100.82 tagged_above=-999 required=5 tests=[AWL=-0.515, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_BL_SPAMCOP_NET=1.96, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hbp1t4kBF78j for <saag@ietfa.amsl.com>; Thu, 1 Aug 2013 04:25:50 -0700 (PDT)
Received: from oproxy5.bluehost.com (oproxy5-pub.bluehost.com [67.222.38.55]) by ietfa.amsl.com (Postfix) with SMTP id AC67C21F964C for <saag@ietf.org>; Thu, 1 Aug 2013 04:25:34 -0700 (PDT)
Received: (qmail 11978 invoked by uid 0); 1 Aug 2013 11:25:11 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by oproxy5.bluehost.com with SMTP; 1 Aug 2013 11:25:11 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default; h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=2UH00OPgP1bwu9ZgihcOu3Jqbsnu0703wjDmF6RejyU=; b=yiLaUIYJihr1grzIIz20i8O3D+CDViwwkJY96UQ5OsL4fwbmRL/D33g6gTu6VJA62QuWAdde7z82Ndis22TunULQe+3J/Elp8UpdmnjMtz9ZJvjl5fRKMHUu4bTaC6+n;
Received: from [130.129.99.118] (port=57119) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.80) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1V4r0I-000463-O3 for saag@ietf.org; Thu, 01 Aug 2013 05:25:10 -0600
Message-ID: <51FA458E.8030806@KingsMountain.com>
Date: Thu, 01 Aug 2013 04:25:02 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130330 Thunderbird/17.0.5
MIME-Version: 1.0
To: IETF Security Area Advisory Group <saag@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 130.129.99.118 authed with jeff.hodges+kingsmountain.com}
Subject: [saag] some of the papers mentioned in talk: DNS Cache-Poisoning: New Vulnerabilities and Implications
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Aug 2013 11:25:56 -0000
fyi/fwiw, looks like some of the papers mentioned in today's SAAG talk are returned by this search... <http://scholar.google.com/scholar?hl=en&q=Amir+Herzberg%2C+Haya+Shulman+++dnssec&btnG=&as_sdt=1%2C5&as_sdtp=> ### Invited Presentation - DNS Cache-Poisoning: New Vulnerabilities and Implications Amir Herzberg, Haya Shulman A number of standardises mechanisms were proposed to enhance security of DNS against cache poisoning attacks. However, we recently found vulnerabilities, allowing attackers to circumvent those defenses and poison resolvers' caches. We present techniques to foil widely deployed defenses, standardised in RFC5452,6056,4697. These works appeared/soon to be published, in ESORICS'12, ESORICS'13, IEEE CNS'13. We then discuss potential countermeasures, some of which may require changes to devices and protocols. ###