[128073] in cryptography@c2.net mail archive


Re: Kaminsky finds DNS exploit

daemon@ATHENA.MIT.EDU (John Levine)
Mon Jul 14 10:36:13 2008

Date: 14 Jul 2008 14:22:30 -0000
From: John Levine <johnl@iecc.com>
To: cryptography@metzdowd.com
In-Reply-To: <87od51r536.fsf@mid.deneb.enyo.de>
Cc: fw@deneb.enyo.de

>CERT/CC mentions this:
>
>| It is important to note that without changes to the DNS protocol, such
>| as those that the DNS Security Extensions (DNSSEC) introduce, these
>| mitigations cannot completely prevent cache poisoning.

Why wouldn't switching to TCP lookups solve the problem?  It's
arguably more traffic than DNSSEC, but it has the large practical
advantage that they actually work with deployed servers today.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
