Attacking networks using DHCP, DNS - probably kills DNSSEC

bear bear at
Tue Jul 1 12:48:37 EDT 2003

On Tue, 1 Jul 2003, Peter Gutmann wrote:

> Given that their goal is zero-configuration networking, I can see
> that being required to provide a shared secret would mess things up
> a bit for them.  It'd be a bit like PKIX being asked to make
> ease-of-use a consideration in their work, or OpenPGP to take X.509
> compatibility into account.

I tend to agree...  I don't think "zero-configuration" networking has
a real possibility to create any safety zones beyond the immediate
physical machine.  After all, if you can plug it into any network and
it just works, you can plug it into an insecure or subverted network
and it'll just work.

At the very least you've got to have a file of keys.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list