Paul Hoffman wrote:
First off, big props to Dan for getting this problem fixed in a
responsible manner. If there were widespread real attacks first, it
would take forever to get fixes out into the field.
However, we in the security circles don't need to spread the "Kaminsky
finds" meme. Take a look at
<http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>.
The first draft of this openly-published document was in January 2007.
It is now in WG last call.
The take-away here is not that "Dan didn't discover the problem", but
"Dan got it fixed". An alternate take-away is that IETF BCPs don't make
nearly as much difference as a diligent security expert with a good name.
Guess you need to tell Dan that - he seems to think he did discover it.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
