[106184] in North American Network Operators' Group
Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)
daemon@ATHENA.MIT.EDU (Chris Adams)
Thu Jul 24 09:03:28 2008
Date: Thu, 24 Jul 2008 08:02:51 -0500
From: Chris Adams <cmadams@hiwaay.net>
To: nanog@merit.edu
In-Reply-To: <4888348C.3010806@ripe.net>
Once upon a time, Robert Kisteleki <robert@ripe.net> said:
> I understand this is a huge can of worms, but maybe it's time to change the
> default behavior of browsers from http to https...?
This is a _DNS_ vulnerability. The Internet is more than HTTP(S).
Think about email (how many MTAs do TLS and validate the certs?). Even
things like BitTorrent require valid DNS (how about MPAA/RIAA poisoning
the cache for thepiratebay?).
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.