Kaminsky finds DNS exploit
Victor Duchovni
Victor.Duchovni at morganstanley.com
Wed Jul 9 13:02:57 EDT 2008
On Wed, Jul 09, 2008 at 08:20:33AM -0700, Paul Hoffman wrote:
> First off, big props to Dan for getting this problem fixed in a
> responsible manner. If there were widespread real attacks first, it
> would take forever to get fixes out into the field.
>
> However, we in the security circles don't need to spread the
> "Kaminsky finds" meme. Take a look at
> <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>.
> The first draft of this openly-published document was in January
> 2007. It is now in WG last call.
>
> The take-away here is not that "Dan didn't discover the problem", but
> "Dan got it fixed". An alternate take-away is that IETF BCPs don't
> make nearly as much difference as a diligent security expert with a
> good name.
The "discovery" is almost certainly a generalization of:
http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-05#section-4.3
specifically the second paragraph that mentions the "Birthday Attack". The
assumptions of that paragraph can be relaxed in a natural way to broaden
the scope of the attack.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List