On Wed, Jul 09, 2008 at 08:20:33AM -0700, Paul Hoffman wrote:

> First off, big props to Dan for getting this problem fixed in a 
> responsible manner. If there were widespread real attacks first, it 
> would take forever to get fixes out into the field.
> 
> However, we in the security circles don't need to spread the 
> "Kaminsky finds" meme. Take a look at 
> <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>. 
> The first draft of this openly-published document was in January 
> 2007. It is now in WG last call.
> 
> The take-away here is not that "Dan didn't discover the problem", but 
> "Dan got it fixed". An alternate take-away is that IETF BCPs don't 
> make nearly as much difference as a diligent security expert with a 
> good name.

The "discovery" is almost certainly a generalization of:

http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-05#section-4.3

specifically the second paragraph the mentions the "Birthday Attack". The
assumptions of that paragraph can be relaxed in a natural way to broaden
the scope of the attack.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to