At 09:22 31.05.2000 -0700, Joe Touch wrote:
>It may be useful to distinguish resolver behavior from browser behavior.
>
>If the host has no more specific (explicit) resolver information,
>the current fully-qualified hostname, minus the first component,
>is used as the 'working suffix'. Attempts are made, with increasing
>generality, to use this suffix on any partially qualified request.
so far nobody's mentioned RFC 1535, the short summary of which is "this is
bloodyawfulstupidbehaviour".
If I am out to attack you, and can place a record at ANY position in your
search path, I can control your offsite name lookups totally.
In the case of someone seaarching
www.netscape.com.dept.other.edu
www.netscape.com.other.edu
www.netscape.com.edu
www.netscape.com
any DNS administrator at dept.other.edu, other.edu or com.edu(!) can
prevent him from getting to www.netscape.com, instead sending him elsewhere.
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
[EMAIL PROTECTED]
