[11435] in North American Network Operators' Group
Re: how to protect name servers against cache corruption
daemon@ATHENA.MIT.EDU (Randy Bush)
Tue Jul 29 23:33:18 1997
Date: Tue, 29 Jul 97 20:25 PDT
From: randy@psg.com (Randy Bush)
To: Ben Black <black@zen.cypher.net>
Cc: nanog@merit.edu
> this statement bothers me. certainly without DNSSEC there can be no
> *assurances* of security,
While there are often assurances of security, there can never be assurance
of security.
> there is a gaping chasm between the current system and DNSSEC that could
> be closed significantly with proper design.
>
> simply stating that until DNSSEC arrives these attacks are going to be
> allowed is a copout.
Send code.
randy
