Kaminsky finds DNS exploit

John Levine johnl at iecc.com
Mon Jul 14 10:22:30 EDT 2008


>CERT/CC mentions this:
>
>| It is important to note that without changes to the DNS protocol, such
>| as those that the DNS Security Extensions (DNSSEC) introduce, these
>| mitigations cannot completely prevent cache poisoning.

Why wouldn't switching to TCP lookups solve the problem?  It's
arguably more traffic than DNSSEC, but it has the large practical
advantage that they actually work with deployed servers today.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


