[1580] in WWW Security List Archive


Re: _DNS_ security problems

daemon@ATHENA.MIT.EDU (Dan Stromberg)
Sun Mar 3 21:40:58 1996

Date: Sun, 03 Mar 1996 16:12:47 -0800
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
To: Rich Salz <rsalz@osf.org>
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

Gee, if reason won't do it, maybe concocting something about my
understanding of the relevant issues will.

I've junked Rich's reiteration of his utter disregard for the
distinction between "what is" and "what should be", "existing practice"
and "wearing our history as a yoke."

Rich Salz wrote:
> To the extent that the underlying DNS allows this, yes.  Doing forward
> checks after gethostbyaddr is *not* the job of the API.  If
> you think otherwise then you need to go learn more about DNS and what
> security/integrity guarantees it does, and does not, provide.

This paragraph clearly demonstrates that you've failed to read much of
anything I've written, which taken in combination with the below:

> > but to call it anything but a pitfall is clearly specious.
> 
> At least for the DNS case (gethostbyaddr/gethostbyname), you do not know
> what you are talking about.  Sorry to be blunt, and perhaps rude, but
> it's true.

...provides solid indication that at least in this one isolated
circumstance, you're willing to jump to irresponsible conclusions.
