DNS spoofing and poisoning..

Troy Benjegerdes hozer at hozed.org
Sat May 21 13:37:52 PDT 2005

Is there anything in the current protocol to mitigate DNS spoofing
and cache poisoning attacks?

The other thing I suspect will happen are people like myself who have a
unix box at home or a hosted domain they can set an OpenID server up on,
but then for whatever reason, lose the domain.

Is this dealt with by the OpenID server private key? How will key revocation 
and updates be handled? Are we not that far yet?

This stuff gets to be a mess once you get into it..

More information about the yadis mailing list