Kaminsky finds DNS exploit
John Kemp
john at jkemp.net
Wed Jul 9 13:23:25 EDT 2008
Ben Laurie wrote:
> Paul Hoffman wrote:
>> First off, big props to Dan for getting this problem fixed in a
>> responsible manner. If there were widespread real attacks first, it
>> would take forever to get fixes out into the field.
>>
>> However, we in the security circles don't need to spread the "Kaminsky
>> finds" meme. Take a look at
>> <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>.
>> The first draft of this openly-published document was in January 2007.
>> It is now in WG last call.
>>
>> The take-away here is not that "Dan didn't discover the problem", but
>> "Dan got it fixed". An alternate take-away is that IETF BCPs don't
>> make nearly as much difference as a diligent security expert with a
>> good name.
>
> Guess you need to tell Dan that - he seems to think he did discover it.

Well, he does seem to credit quite a few people and companies on his own
blog entry about the matter: <http://www.doxpara.com/?p=1162>

It does seem he would like an air of some mystery to exist though until
he makes his presentation about the issue at Defcon - did he, himself,
discover something new? We'll just have to wait, unless we go play with
the BIND code ourselves.

Regards,

- johnk
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com