Attacking networks using DHCP, DNS - probably kills DNSSEC

Steven M. Bellovin smb at research.att.com
Sun Jun 29 21:46:49 EDT 2003


In message <iluof0gh7vy.fsf at latte.josefsson.org>, Simon Josefsson writes:

>
>Of course, everything fails if you ALSO get your DNSSEC root key from
>the DHCP server, but in this case you shouldn't expect to be secure.
>I wouldn't be surprised if some people suggest pushing the DNSSEC root
>key via DHCP though, because alas, getting the right key into the
>laptop in the first place is a difficult problem.
>

I can pretty much guarantee that the IETF will never standardize that, 
except possibly in conjunction with authenticated dhcp.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)



---------------------------------------------------------------------
The Cryptography Mailing List