[gtld-tech] URS and replay attacks
Luis E. Muñoz
lem at uniregistry.link
Tue Sep 1 21:11:13 UTC 2015
On 1 Sep 2015, at 13:35, Rubens Kuhl wrote:
> @ll,
>
> I'm wondering what we have, if any, in resources to prevent URS replay
> attacks. The threat scenario we've made include access to the "Sent
> Items" folder of an URS Provider, without access to PGP information.
> With such access, domains that already received URS-Lock and
> URS-Suspend commands might be subject to lock or suspension again,
> even if there is not, at that time, an URS procedure ongoing. That
> could even happen with a new registrant of that domain.
>
> I couldn't find anything in the requirements or URS Provider RFIs that
> would generate information capable of mitigating this threat... am I
> missing something ?
We keep track of the case IDs, so we would notice this to be a dupe.
That said, I think your scenario is viable.
Luis Muñoz
Director, Registry Operations
____________________________
http://www.uniregistry.link/
2161 San Joaquin Hills Road
Newport Beach, CA 92660
Office +1 949 706 2300 x 4242
lem at uniregistry.link
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gtld-tech/attachments/20150901/bb1ffc2e/attachment.html>
More information about the gtld-tech
mailing list