DNS keyserver (was Re: gnupg-1.0.7: keyserver subdir?)
Michael Graff
explorer@flame.org
Wed Jul 10 20:16:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simon Josefsson <jas@extundo.com> writes:
> But to generate a 64kb UDP packet you need to have negotiated EDNS.0
> with the other server. Is it possible to spoof that negotiation? I
> don't know. But this isn't endemic to this, IPv6 and DNSSEC are going
> to generate bigger packages too, making it possible to exploit this in
> the same way. Hopefully EDNS.0 negotiations cannot be spoofed.
There is no negotiation. The sender says "I can receive up to X bytes
in a UDP reply" and the sender will use up to X bytes to reply, or set
the truncated bit.
BTW, I'm one of the authors listed if you do a
dig authors.bind. chaos txt
to a bind9 server. :)
- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)
Comment: See http://www.flame.org/~explorer/pgp for my keys
iD8DBQE9LHobl6Nz7kJWYWYRAiOHAJ9/9tHAsIMZW7J2/NWB0GNK+/bhzACfTY8D
ktZBPsArFDgeUDBjVxPvBrg=
=3IPT
-----END PGP SIGNATURE-----
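Added example (not part of this thread, and not code from BIND or GnuPG): Python that shows the EDNS0 exchange Michael describes. There is no handshake, only an OPT pseudo-RR in the query whose CLASS field carries the sender's maximum UDP payload size (RFC 2671, now RFC 6891); the responder either answers within that size or sets the TC bit. The record layout is from the RFC; the query name and the oversized TXT reply are constructed here, and `fit_reply` additionally applies a local server-side cap, which is the usual defence against a client advertising a huge size to get an amplified reply.

```python
import struct

OPT_TYPE = 41           # EDNS0 OPT pseudo-RR type (RFC 6891)
DEFAULT_UDP_SIZE = 512  # classic limit when the query carries no OPT RR (RFC 1035)
TC_FLAG = 0x0200        # truncation bit in the header flags word


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(pkt, off):
    """Return the offset just past the name at `off`, handling compression pointers."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def build_query(name, qtype=16, qclass=3, udp_payload_size=None, txid=0x1234):
    """Build a query; with udp_payload_size set, append an OPT RR advertising it."""
    arcount = 0 if udp_payload_size is None else 1
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    question = encode_name(name) + struct.pack("!HH", qtype, qclass)
    if udp_payload_size is None:
        return header + question
    # OPT RR: root name, TYPE 41, the CLASS field carries the UDP payload size,
    # TTL carries extended rcode / version / flags (all zero), empty RDATA.
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload_size, 0, 0)
    return header + question + opt


def advertised_udp_size(pkt):
    """Size the sender says it can receive: OPT CLASS if present, else 512."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", pkt, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            return rclass
    return DEFAULT_UDP_SIZE


def build_txt_reply(query, strings):
    """Constructed response: echo the question and add one CH TXT RR (no OPT)."""
    txid = struct.unpack_from("!H", query, 0)[0]
    name_end = skip_name(query, 12)
    owner, question = query[12:name_end], query[12:name_end + 4]
    rdata = b"".join(bytes([len(s)]) + s.encode("ascii") for s in strings)
    rr = owner + struct.pack("!HHIH", 16, 3, 0, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA, 1 answer
    return header + question + rr


def fit_reply(reply, client_size, server_max=4096):
    """Send the reply whole if it fits min(client, server cap); else header+question with TC set.

    Assumes a single-question message, which is what real resolvers send.
    """
    limit = min(client_size, server_max)
    if len(reply) <= limit:
        return reply
    txid, flags = struct.unpack_from("!HH", reply, 0)
    qend = skip_name(reply, 12) + 4
    header = struct.pack("!HHHHHH", txid, flags | TC_FLAG, 1, 0, 0, 0)
    return header + reply[12:qend]


def is_truncated(pkt):
    """True if the TC bit is set in the header flags."""
    return bool(struct.unpack_from("!H", pkt, 2)[0] & TC_FLAG)


if __name__ == "__main__":
    q = build_query("authors.bind.", udp_payload_size=4096)   # like `dig authors.bind. chaos txt`
    big = build_txt_reply(q, ["x" * 200] * 3)                  # constructed 657-byte answer
    print("client advertises", advertised_udp_size(q), "bytes")
    print("reply of", len(big), "bytes, truncated for a 512-byte client:",
          is_truncated(fit_reply(big, 512)))
```

The responder never trusts the advertised size alone: `server_max` bounds what leaves the server however large a CLASS value the client puts in the OPT RR, so a forged query cannot pull a larger UDP reply than the operator allows.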