Ben Laurie wrote:
> Paul Hoffman wrote:
>> First off, big props to Dan for getting this problem fixed in a responsible manner. If there were widespread real attacks first, it would take forever to get fixes out into the field.
>>
>> However, we in the security circles don't need to spread the "Kaminsky finds" meme. Take a look at <http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-forgery-resilience/>. The first draft of this openly-published document was in January 2007. It is now in WG last call.
>>
>> The take-away here is not that "Dan didn't discover the problem", but "Dan got it fixed". An alternate take-away is that IETF BCPs don't make nearly as much difference as a diligent security expert with a good name.
>
> Guess you need to tell Dan that - he seems to think he did discover it.

Well, he does seem to credit quite a few people and companies on his own blog entry about the matter: <http://www.doxpara.com/?p=1162>

It does seem he would like an air of some mystery to exist though until he makes his presentation about the issue at Defcon - did he, himself, discover something new? We'll just have to wait, unless we go play with the BIND code ourselves.

Regards,

- johnk

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
