Re: Hey, SiteFinder is back, again...

• Previous message: D'Arcy J.M. Cain: "Re: Hey, SiteFinder is back, again..."
• Maybe in reply to: David Lesher: "Hey, SiteFinder is back, again..."
• Next in thread: David Conrad: "Re: Hey, SiteFinder is back, again..."
• Reply: David Conrad: "Re: Hey, SiteFinder is back, again..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Mon, 5 Nov 2007 11:17:29 -0800
David Conrad <> wrote:

> On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
> > What affect will Allegedly Secure DNS have on such provider
> > hijackings, both of DNS and crammed-in content?
>
> If what Verizon is doing is rewriting NXDOMAIN at their caching
> servers, DNSSEC will _not_ help. Caching servers do the validation
> and the insertion of the search engine IP addresses in the response
> would occur after the validation.
>
Depends on whether or not the endpoints delegate DNSSEC validation to
Verizon. They don't have to.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

• Previous message: D'Arcy J.M. Cain: "Re: Hey, SiteFinder is back, again..."
• Maybe in reply to: David Lesher: "Hey, SiteFinder is back, again..."
• Next in thread: David Conrad: "Re: Hey, SiteFinder is back, again..."
• Reply: David Conrad: "Re: Hey, SiteFinder is back, again..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]