[gtld-tech] URS and replay attacks

Rubens Kuhl rubensk at nic.br
Tue Sep 1 21:12:14 UTC 2015


> On 01/09/2015, at 18:11:000, Luis E. Muñoz <lem at uniregistry.link> wrote:
> 
> On 1 Sep 2015, at 13:35, Rubens Kuhl wrote:
> 
> > @ll,
> >
> > I'm wondering what we have, if any, in resources to prevent URS replay attacks. The threat scenario we've made includes access to the "Sent Items" folder of a URS Provider, without access to PGP information. With such access, domains that already received URS-Lock and URS-Suspend commands might be subject to lock or suspension again, even if there is not, at that time, a URS procedure ongoing. That could even happen with a new registrant of that domain.
> >
> > I couldn't find anything in the requirements or URS Provider RFIs that would generate information capable of mitigating this threat... am I missing something?
> 
> We keep track of the case IDs, so we would notice this to be a dupe. That said, I think your scenario is viable.
> 
> 

Is there a requirement for URS Providers to mention case IDs in their requests?


Rubens
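
The case-ID tracking mentioned in the reply, and the gap that opens when a request carries no case ID, sketched as a registry-side check. This is an added example, not part of the thread or any registry's code; the `Case-ID:`/`Action:`/`Domain:` line layout, the `ReplayGuard` class and the digest check on the signed body are assumptions.

```python
import hashlib
import re

ACTIONS = {"URS-Lock", "URS-Suspend"}  # command names as used in the thread

def field(name, body):
    # Hypothetical "Name: value" layout; the thread defines no message format.
    m = re.search(rf"^{name}:[ \t]*(\S+)[ \t]*$", body, re.MULTILINE)
    return m.group(1) if m else None

class ReplayGuard:
    """Runs after the PGP signature on the request has already verified."""

    def __init__(self):
        self.seen = set()      # digests of signed bodies already processed
        self.applied = set()   # (case_id, action) pairs already executed
        self.closed = set()    # case IDs with no procedure ongoing any more

    def close_case(self, case_id):
        self.closed.add(case_id)

    def check(self, signed_body):
        # Normalise line endings and trailing blanks so a re-wrapped copy of
        # the same signed text hashes to the same value.
        lines = (line.rstrip(" \t") for line in signed_body.splitlines())
        text = "\n".join(lines)
        digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
        if digest in self.seen:
            return "reject: signed body already processed"
        case, action = field("Case-ID", text), field("Action", text)
        if action not in ACTIONS or field("Domain", text) is None:
            return "reject: malformed"
        if case is None:
            # No case ID in the request: only the digest check can help.
            return "hold: confirm with provider out of band"
        if case in self.closed:
            return "reject: case closed"
        if (case, action) in self.applied:
            return "reject: duplicate case ID and action"
        self.seen.add(digest)
        self.applied.add((case, action))
        return "accept"

# Constructed sample request body (not a real URS message).
SAMPLE_LOCK = "Case-ID: CASE-0001\nAction: URS-Lock\nDomain: example.test\n"
```

The digest check works only while the registry retains a record of every request it has processed; the case-ID checks depend on the provider putting the ID inside the signed text.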
