[127726] in cryptography@c2.net mail archive
Re: Kaminsky finds DNS exploit
daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Jul 9 12:42:46 2008
Date: Wed, 09 Jul 2008 17:36:02 +0100
From: Ben Laurie <ben@links.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
CC: cryptography@metzdowd.com
In-Reply-To: <p0624080ec49a86832429@[10.20.30.162]>
Paul Hoffman wrote:
> First off, big props to Dan for getting this problem fixed in a
> responsible manner. If there were widespread real attacks first, it
> would take forever to get fixes out into the field.
>
> However, we in the security circles don't need to spread the "Kaminsky
> finds" meme. Take a look at
> <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>.
> The first draft of this openly-published document was in January 2007.
> It is now in WG last call.
>
> The take-away here is not that "Dan didn't discover the problem", but
> "Dan got it fixed". An alternate take-away is that IETF BCPs don't make
> nearly as much difference as a diligent security expert with a good name.
Guess you need to tell Dan that - he seems to think he did discover it.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
