Re: [Auth]DNS forgery

[Norbert Bollow]

> I think that this article could be useful. Maybe each person can be 
> identified by his pub-key fingerprint, or could be service names to use 
> this. Or maybe i have just to read all the old msg :)
> 
> http://cr.yp.to/djbdns/forgery.html

Yes... DNS forgery is one out of several possible ways in which
TCP connections can be hijacked, and it is relatively easy to
execute.

I think that whenever we communicate via TCP, all DotGNU
software should assume by default that the communication channel
is entirely untrusted.

Consider the typical situation of two machines A and B, where A
("the client") has sent a _request_ to B ("the server"), and now
B ("the server") is getting ready to send a _response_ to A ("the
client").

I think that this response should always be digitally signed,
and that we should use a signing algorithm which allows an
optimization in the case that the response consists of a
timestamp plus the contents of a frequently-requested file.

Sometimes the response should also be encrypted:  If the
request was already encrypted, then the response should also be
encrypted.  Also, if authentication is required before the
server will send this response, then the reponse should also be
encrypted.  On the other hand, when the request is
non-authenticated and non-encrypted, then the response also does
not need to be encrypted.

Greetings, Norbert.

-- 
A member of FreeDevelopers and the DotGNU Steering Committee: dotgnu.org
Norbert Bollow, Weidlistr.18, CH-8624 Gruet   (near Zurich, Switzerland)
Tel +41 1 972 20 59       Fax +41 1 972 20 69      http://thinkcoach.com
Your own domain with all your Mailman lists: $15/month  http://cisto.com