[1554] in WWW Security List Archive
Re: _DNS_ security problems
daemon@ATHENA.MIT.EDU (Bob Denny)
Tue Feb 27 03:51:21 1996
From: Bob Denny <rdenny@dc3.com>
Date: Mon, 26 Feb 1996 23:06:18 -0800
In-Reply-To: Dan Stromberg <strombrg@test34a.acs.uci.edu>
"Re: _DNS_ security problems" (Feb 26, 11:01)
To: Dan Stromberg <strombrg@test34a.acs.uci.edu>,
Irving Reid <irving@border.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
OK, I gotta get out of this discussion, for time reasons.
At this point:
(1) DNS is just fine for a lightweight name service (that's what I meant, not
to replace it)
(2) The security issues with downloaded applets and the like would be helped
immensely if you could guarantee that you could determine the source of the
code, down to the human that created and packaged it. Accepting only digitally
signed bits would do the trick, it seems. Yes, someone could create a
malicious applet and offer it, and you'd only find out after the damage was
done, but at least you'd know where to go for redress. The infrastructure is
certainly NOT there now, but the technology exists, it is fairly well proven,
and has even been cast in the mold of S-HTTP, so the jump is not far.
-- Bob
