[127793] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Kaminsky finds DNS exploit

daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Jul 10 10:41:19 2008

From: Florian Weimer <fw@deneb.enyo.de>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: cryptography@metzdowd.com
Date: Thu, 10 Jul 2008 14:42:03 +0200
In-Reply-To: <p0624080ec49a86832429@[10.20.30.162]> (Paul Hoffman's message of
	"Wed\, 9 Jul 2008 08\:20\:33 -0700")

* Paul Hoffman:

> The take-away here is not that "Dan didn't discover the problem", but
> "Dan got it fixed".

I haven't seen credible claims that the underlying issue can actually be
fixed in the classic DNS protocol.  There are workarounds on top of
workarounds.  A real fix requires more or less incompatible protocol
changes, and at that point, it might be easier to deploy DNSSEC instead.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[127793] in cryptography@c2.net mail archive

Re: Kaminsky finds DNS exploit

daemon@ATHENA.MIT.EDU (Florian Weimer)Thu Jul 10 10:41:19 2008

daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Jul 10 10:41:19 2008