[116454] in North American Network Operators' Group
Re: Dan Kaminsky
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Wed Aug 5 10:19:21 2009
Date: Wed, 5 Aug 2009 10:18:11 -0400
From: Leo Bicknell <bicknell@ufp.org>
To: Nanog <nanog@nanog.org>
Mail-Followup-To: Nanog <nanog@nanog.org>
In-Reply-To: <20090804183246.B69B41CC34@ptavv.es.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In a message written on Tue, Aug 04, 2009 at 11:32:46AM -0700, Kevin Oberman wrote:
> There is NO fix. There never will be as the problem is architectural
> to the most fundamental operation of DNS. Other than replacing DNS (not
> feasible), the only way to prevent this form of attack is DNSSEC. The
> "fix" only makes it much harder to exploit.
I don't understand why replacing DNS is "not feasible".
-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/