[NCAP-Discuss] Additional comments on the comments to the Scarfone Draft
Danny McPherson
danny at tcb.net
Wed May 6 22:57:51 UTC 2020
On 2020-05-06 17:42, Rubens Kuhl wrote:
>
> This is WPAD, which I already mentioned as suggested by then
> applicants as a string to be blocked at the 2nd level and as one of
> the few discovery protocols not using _.

But it's not blocked, Rubens, and those same queries are still leaking
post CI and users are at risk, that's precisely the point! -- it's not
blocked in the example domains they have in their attack and
exploitation blueprint and it's actually being sold as a premium in some
new gTLDs and for sale all over the new gTLD retail and secondary
market -- this precisely illustrates the issue here where users and
consumers are at risk.

But WPAD is the obvious one, there are thousands of DNS Service
Discovery protocols and others that are problematic for reasons outlined
in numerous peer-reviewed research that's been cited here (and that
ICANN funded early on, even) - you can continue to ignore it for
whatever reason you choose but these protocols and namespace collisions
result in billions of queries to the root and can be exploited to enable
MiTM attacks well after delegation and CI - e.g., precisely the same as
the corp.com coffee shop example that is an artifact of .CORP and search
list processing.

I don't believe "Let's let law enforcement solve the problem, nothing to
see here" is an answer the board would want to hear or this working
group should offer.

-danny