In April I speculated about the impending doom of the DNS. Now we know what was in the works, and yes, it’s not a pretty picture. My idea from april doesn’t work 1:1, as the attacker doesn’t attack a single target, sondern arbitrary other hostnames in the same domain. Anyway, I spent the last days […]
Category: IETF
Categories
From the archives: Some thoughts on RUCUS
On Jan. 30th, 2008, I sent the following to the sipping list. It is a good summary of some of my thoughts on the RUCUS problem statement and on which basic premises need to be sorted out first. …
Categories
New I-D on ENUM for loose-route SIP
I’ve submitted a new I-D defining an enumservices subtype for loose-route SIP according to J. Rosenberg’s UA loose route (which right now is one of multiple proposals to address one problem). The basic idea is the following: SIP proxy should distinguish between “retargeting” and “routing”. “retargeting” is done, whenever a proxy decides that this call […]
Categories
DNS: What to do if the sky is falling?
Having been treated to another iteration of “we need to deploy DNSSEC, otherwise DNS will fall apart due to rampant forgeries” talk recently, I started to think what other options resolvers have to protect themselves. See also bert’s draft. First of all, is it possible to implement a successful forgery attack without the client noticing […]
Categories
SPIT: Where do we stand?
SPAM over Internet Telephony (SPIT) is a strange beast: Everybody knows it is a threat, but in real life SIP installations, it has hardly been observed. In other networks it is not uncommon, Skype needs to police its users to get a grip on abuse, and all Instant Messaging networks have to deal with IM […]