Ben Laurie wrote:
Paul Hoffman wrote:
First off, big props to Dan for getting this problem fixed in a responsible manner. If there were widespread real attacks first, it would take forever to get fixes out into the field.

However, we in the security circles don't need to spread the "Kaminsky finds" meme. Take a look at <>. The first draft of this openly-published document was in January 2007. It is now in WG last call.

The take-away here is not that "Dan didn't discover the problem", but "Dan got it fixed". An alternate take-away is that IETF BCPs don't make nearly as much difference as a diligent security expert with a good name.

Guess you need to tell Dan that - he seems to think he did discover it.

Well, he does seem to credit quite a few people and companies on his own blog entry about the matter: <>

It does seem he would like an air of some mystery to exist though until he makes his presentation about the issue at Defcon - did he, himself, discover something new? We'll just have to wait, unless we go play with the BIND code ourselves.


- johnk

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to