https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6221
--- Comment #9 from Sidney Markowitz <[email protected]> 2010-01-27 09:27:22 UTC --- (in reply to comment #8) I didn't reference the Dan Kaminsky vulnerability because of security concerns, so using a trusted filtered local server or whatever is not the issue. If you go back through the complicated discussion in bug 4260 the point is to assure that the 32 bit combination of port and ID do not get reused within the possible lifetime of a DNS request and its reply. The insight we got from that bug was that there really are so many DNS queries that a 16 bit space just from the ID is not enough to avoid collisions. It is the same problem that the Kaminsky vulnerability was based on, which is why I am wondering if the solution to that vulnerability, which should be pretty universally deployed now, has now spread the port/ID combination that is seen in practice out over more of the possible 32-bit space, rendering the code that we put in no longer necessary. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
