Kaminsky finds DNS exploit

John Kemp john at jkemp.net
Wed Jul 9 13:23:25 EDT 2008


Ben Laurie wrote:
> Paul Hoffman wrote:
>> First off, big props to Dan for getting this problem fixed in a 
>> responsible manner. If there were widespread real attacks first, it 
>> would take forever to get fixes out into the field.
>>
>> However, we in the security circles don't need to spread the "Kaminsky 
>> finds" meme. Take a look at 
>> <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>. 
>> The first draft of this openly-published document was in January 2007. 
>> It is now in WG last call.
>>
>> The take-away here is not that "Dan didn't discover the problem", but 
>> "Dan got it fixed". An alternate take-away is that IETF BCPs don't 
>> make nearly as much difference as a diligent security expert with a 
>> good name.
> 
> Guess you need to tell Dan that - he seems to think he did discover it.

Well, he does seem to credit quite a few people and companies on his own 
blog entry about the matter: <http://www.doxpara.com/?p=1162>

It does seem he would like an air of some mystery to exist though until 
he makes his presentation about the issue at Defcon - did he, himself, 
discover something new? We'll just have to wait, unless we go play with 
the BIND code ourselves.

Regards,

- johnk

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


