[127719] in cryptography@c2.net mail archive
Re: Kaminsky finds DNS exploit
daemon@ATHENA.MIT.EDU (Paul Hoffman)
Wed Jul 9 11:32:40 2008
In-Reply-To: <4874523A.5090402@pobox.com>
Date: Wed, 9 Jul 2008 08:20:33 -0700
To: cryptography@metzdowd.com
From: Paul Hoffman <paul.hoffman@vpnc.org>
First off, big props to Dan for getting this problem fixed in a
responsible manner. If there were widespread real attacks first, it
would take forever to get fixes out into the field.

However, we in the security circles don't need to spread the
"Kaminsky finds" meme. Take a look at
<http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>.
The first draft of this openly-published document was in January
2007. It is now in WG last call.

The take-away here is not that "Dan didn't discover the problem", but
"Dan got it fixed". An alternate take-away is that IETF BCPs don't
make nearly as much difference as a diligent security expert with a
good name.

--Paul Hoffman, Director
--VPN Consortium