[13745] in cryptography@c2.net mail archive

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

daemon@ATHENA.MIT.EDU (bear)
Tue Jul 1 15:12:35 2003

X-Original-To: cryptography@metzdowd.com
Date: Tue, 1 Jul 2003 09:48:37 -0700 (PDT)
From: bear <bear@sonic.net>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: cryptography@metzdowd.com, <wsimpson@greendragon.com>,
	<cypherpunks@lne.com>
In-Reply-To: <200307010901.h6191eA18488@medusa01.cs.auckland.ac.nz>



On Tue, 1 Jul 2003, Peter Gutmann wrote:


> Given that their goal is zero-configuration networking, I can see
> that being required to provide a shared secret would mess things up
> a bit for them.  It'd be a bit like PKIX being asked to make
> ease-of-use a consideration in their work, or OpenPGP to take X.509
> compatibility into account.

I tend to agree...  I don't think "zero-configuration" networking has
a real possibility to create any safety zones beyond the immediate
physical machine.  After all, if you can plug it into any network and
it just works, you can plug it into an insecure or subverted network
and it'll just work.

At the very least you've got to have a file of keys.

				Bear





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
