Kaminsky finds DNS exploit
Ben Laurie
ben at links.org
Wed Jul 9 12:36:02 EDT 2008
Paul Hoffman wrote:
> First off, big props to Dan for getting this problem fixed in a
> responsible manner. If there were widespread real attacks first, it
> would take forever to get fixes out into the field.
>
> However, we in the security circles don't need to spread the "Kaminsky
> finds" meme. Take a look at
> <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>.
> The first draft of this openly-published document was in January 2007.
> It is now in WG last call.
>
> The take-away here is not that "Dan didn't discover the problem", but
> "Dan got it fixed". An alternate take-away is that IETF BCPs don't make
> nearly as much difference as a diligent security expert with a good name.
Guess you need to tell Dan that - he seems to think he did discover it.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list