First off, big props to Dan for getting this problem fixed in a responsible manner. If there were widespread real attacks first, it would take forever to get fixes out into the field.

However, we in the security circles don't need to spread the "Kaminsky finds" meme. Take a look at <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>. The first draft of this openly-published document was in January 2007. It is now in WG last call.

The take-away here is not that "Dan didn't discover the problem", but "Dan got it fixed". An alternate take-away is that IETF BCPs don't make nearly as much difference as a diligent security expert with a good name.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
