Workaround for DNS Fragmentation attacks #361
Comments
|
This item was discussed at the 2022-07-28 meeting. There was no strong interest from the group to prioritize this item. |
|
I believe this was discussed on MDSP in 2018: https://groups.google.com/g/mozilla.dev.security.policy/c/emREqhAZ3nM/m/lx8Rp3Q7BwAJ The thread implies that multi-perspective validation at least partially mitigates this attack. @ryancdickson is going to confirm with the folks at Princeton before we close this issue. |
|
Confirmed with Princeton. Yes, MPIC helps address this issue. “As discussed in slide 34 of the deck linked in that thread (https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf) the authors of this work actually developed a very similar system (known as DOMAIN VALIDATION++) designed to mitigate these attack which also uses multiple network perspectives to perform domain validation. At a conceptual level the current MPIC push is nearly identical to DOMAIN VALIDATION++ and also inherits many of the same protections that mitigate this attack.” |
No description provided.
The text was updated successfully, but these errors were encountered: